FFIEC Releases Cybersecurity Assessment Tool

July 7, 2015

The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness.

Financial institutions of all sizes may use the assessment and other methodologies to perform a self-assessment and inform their risk management strategies. The release of the Cybsercurity Assessment Tool follows last year’s pilot assessment of cybersecurity preparedness at more than 500 institutions. The FFIEC plans to update the assessment as threats, vulnerabilities and operational environments evolve.

In addition to the assessment, the FFIEC has also made available an executive overview, a user’s guide, an online presentation explaining the assessment and appendices mapping the Assessment’s baseline maturity statements to the FFIEC Information Technology Examination Handbook.

The FFIEC members are also encouraging institutions to comment on the Assessment through an upcoming Paperwork Reduction Act notice in the Federal Register.

The FFIEC said the assessment t will help companies:

  • identify factors contributing to and determining the institution’s overall cyber risk.
  • assess the institution’s cybersecurity preparedness.
  • evaluate whether the institution’s cybersecurity preparedness is aligned with its risks
  • determine risk-management practices and controls that are needed or need enhancement and actions to be taken to achieve the desired state.
  • inform risk management strategies.

The assessment consists of an Inherent Risk Profile and Cybersecurity Maturity. Upon completion of both parts, according to the FFIEC, management can evaluate whether the institution’s inherent risk and preparedness are aligned.

The third pillar of ALTA’s <a href="http://www.alta.org/bestpractices">”Title Insurance and Settlement Company Best Practices”</a> provides guidance on network security of non-public personal information (NPI). 


Contact ALTA at 202-296-3671 or [email protected].