The Federal Financial Institutions Examination Council released a Cyber Security Assessment Tool to help financial institutions identify their risks and assess their preparedness.
Financial institutions of all sizes may use the tool and other methodologies to perform a self-assessment and inform their risk management strategies. The release of the tool follows last year’s pilot assessment of cyber security preparedness at more than 500 institutions. The Exam Council members plan to update the tool as threats, vulnerabilities, and operational environments evolve.
In addition to the tool, the council also made available related resources that institutions may find useful, including an executive overview, a user’s guide, an online presentation explaining the tool, and appendices mapping the tool to the FFIEC Information Technology Examination Handbook; mapping it to the National Institute of Standards and Technology's Cybersecurity Framework; and providing a glossary of terms.