Press Releases
Press Release
For Immediate Release July 27, 2006


The Federal Financial Institutions Examination Council today issued revised guidance for examiners and financial institutions to use in identifying information security risks and evaluating the adequacy of controls and applicable risk management practices of financial institutions. The Information Security Booklet is one of twelve that, in total, comprise the FFIEC IT Examination Handbook. In addition to the revised Information Security Booklet, the agencies also released an Executive Summary that contains high level synopses of each of the twelve booklets and describes the handbook development and maintenance processes.

The security of financial institutions' systems and information is essential to maintaining the privacy of customer information and safe and sound operations. The Information Security Booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. The booklet calls for financial institutions and technology service providers (TSPs) to maintain effective security programs tailored to the complexity of their operations.

The guidance updates the 2002 Information Security Booklet and addresses changes in technology, risk assessments, mitigation strategies, and regulatory guidance. The discussion of risk assessment has been expanded to reflect the maturation of that process related to information security. New or revised material is included regarding authentication, monitoring programs, and software trustworthiness. Many additional topics including malware, wireless, remote access, and trust services have also been incorporated or revised.

Electronic versions of the Information Security Booklet and Executive Summary are available at

Media Contacts:

OTS Katie Fitzgerald 202-906-6677
FRB Susan Stawick 202-452-3128
FDIC David Barr 202-898-6992
NCUA Cherie Umbel 703-518-6337
OCC Dean DeBuck 202-874-5770

The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has five member agencies: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.