NCUA, federal regulators encourage ‘standardized’ cyber-preparedness approach

Image result for ffiecThe Federal Financial Institutions Examination Council members highlighted the benefits of using a standardized approach to assess and improve cybersecurity preparedness.

The members explained that firms adopting a standardized approach are better able to track their progress over time, and share information and best practices with other financial institutions and regulators.

Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile and the Center for Internet Security Critical Security Controls.

For complete details, view the press release from the FFIEC below:

For Immediate Release           August 28, 2019

FFIEC Encourages Standardized Approach to Assessing Cybersecurity Preparedness

The Federal Financial Institutions Examination Council (FFIEC) members today emphasized the benefits of using a standardized approach to assess and improve cybersecurity preparedness.

The members note that firms adopting a standardized approach are better able to track their progress over time, and share information and best practices with other financial institutions and with regulators.

Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls.

FFIEC members welcome collaborative approaches to advance and support cyber preparedness and enhance the efficiency and effectiveness of the supervisory process. While the FFIEC does not endorse any particular tool, these standardized tools support institutions in their self-assessment activities. The tools are not examination programs and the FFIEC members take a risk-focused approach to examinations. As cyber risk evolves, examiners may address areas not covered by all tools.

REFERENCES 

    FFIEC Cybersecurity Assessment Tool

    FSSCC Cybersecurity Profile

    NIST Cybersecurity Framework

    Center for Internet Security Controls

###

The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. It also conducts schools for examiners employed by the five federal member agencies represented on the FFIEC and makes those schools available to employees of state agencies that supervise financial institutions. The Council consists of the following six voting members: a member of the Board of Governors of the Federal Reserve System; the Chairman of the Federal Deposit Insurance Corporation; the Director of the Consumer Financial Protection Bureau; the Comptroller of the Currency; the Chairman of the National Credit Union Administration; and the Chairman of the State Liaison Committee.

Media Contacts:

Federal Reserve Darren Gersh (202) 452-2955

CFPB Marisol Garibay (202) 435-7425

FDIC Julianne Fisher Breitbeil (202) 898-6895

NCUA John Fairbanks (703) 518-6336

OCC Stephanie Collins (202) 649-6870

SLC James Kurtzke (202) 728-5733

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s