|For immediate release||May 31, 2017|
FFIEC Release Update to Cybersecurity Assessment Tool
The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released an update to the Cybersecurity Assessment Tool (Assessment). This update to the Assessment addresses changes to the FFIEC IT Examination Handbook by providing a revised mapping in Appendix A to the updated Information Security and Management booklets. The updated Assessment will also provide additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and processes that represent current practices of the institution in supporting its cybersecurity activity assessment.
The FFIEC members developed the Assessment to help financial institution management determine the institution's risk profile, inherent risks and cybersecurity preparedness. The Assessment provides a repeatable and measurable process that financial institution management may use to measure cybersecurity preparedness over time. Use of the tool is voluntary, and financial institution management may choose to use the Assessment or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness.
Management of financial institutions and management of third-party service providers are primarily responsible for assessing and mitigating their entities' cybersecurity risk. Financial institutions can find the latest information about cybersecurity risk management at www.ffiec.gov/cybersercurity.htm
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. It also conducts schools for examiners employed by the five federal member agencies represented on the FFIEC and makes those schools available to employees of state agencies that supervise financial institutions. The Council consists of the following six voting members: a member of the Board of Governors of the Federal Reserve System; the Chairman of the Federal Deposit Insurance Corporation;the Director of the Consumer Financial Protection Bureau; the Comptroller of the Currency; the Chairman of the National Credit Union Administration; and the Chairman of the State Liaison Committee.