Agencies Release Cybersecurity Self-Assessment Tool

The agencies of the Federal Financial Institutions Examination Council yesterday released a free cybersecurity self-assessment tool to help financial institutions of all sizes identify the cyber risks they face and assess their preparedness. The assessment is based on a 2014 pilot cybersecurity assessment of more than 500 financial institutions.

The assessment includes a profile of inherent risks that is keyed to the characteristics of individual financial institutions, such as technology profile, product lines and size. This is followed by a self-assessment template for five dimensions of cybersecurity maturity and tips for evaluating and interpreting results. It also maps the maturity levels to the voluntary cybersecurity benchmarks developed by the National Institute of Standards and Technology.

The assessment will become part of cybersecurity exams this year; for example, the OCC said yesterday that its examiners will begin incorporating it into exams in late 2015. FFIEC said it will update the assessment as the cyber risk environment evolves and will solicit public comments on the assessment.

ABA welcomed the release of the tool for its tailored approach to cybersecurity, which complements public and private-sector efforts to continue strengthening the cyber defenses of businesses and financial institutions. ABA expects to supplement the self-assessment with other resources to help implement the tool. For more information, contact ABA’s Doug Johnson.