The US Federal Financial Institutions Examination Council (FFIEC) has released a cybersecurity assessment tool to help institutions identify their risks and assess their cybersecurity preparedness.
Financial institutions of all sizes may use the assessment tool and associated methodologies to perform a self-assessment and inform their risk management strategies. The release follows last year’s pilot assessment of cybersecurity preparedness at more than 500 institutions. The FFIEC members plan to update the tool as threats, vulnerabilities, and operational environments evolve.
In addition to the assessment tool, the FFIEC has also made available an executive overview, a user’s guide, an online presentation explaining the assessment tool, and appendices mapping the tool’s baseline maturity statements to the FFIEC Information Technology Examination Handbook, mapping all maturity statements to the National Institute of Standards and Technology's Cybersecurity Framework, and providing a glossary of terms.
