FFIEC Encourages Standardized Approach to Assessing Cybersecurity Preparedness
August 29, 2019
The Federal Financial Institutions Examination Council (FFIEC) says using a standardized approach to assess and improve cybersecurity preparedness is the best course to reduce risk.
The FFIEC says that firms adopting a standardized approach are better able to track their progress over time, and share information and best practices with other financial institutions and with regulators.
Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness.
These tools include the:
- FFIEC Cybersecurity Assessment Tool
- FSSCC Cybersecurity Profile
- NIST Cybersecurity Framework
- Center for Internet Security Controls
While the FFIEC does not endorse any tool, these standardized resources support institutions in their self-assessment activities. The tools are not examination programs and the FFIEC members take a risk-focused approach to examinations. As cyber risk evolves, examiners may address areas not covered by all tools.
The FFIEC prescribes uniform principles, standards and report forms and to promote uniformity in the supervision of financial institutions.
Click here to access ALTA’s Title Insurance and Settlement Company Best Practices.
Contact ALTA at 202-296-3671 or [email protected].