The Cyber Risk Institute—a coalition of financial institutions and trade associations including ABA—has updated its Financial Services Cybersecurity Profile. The profile—which ABA helped develop and which is intended to help financial institutions reduce the overall time spent on cyber risk compliance—is currently being implemented by many institutions and is accepted by the regulatory community.
The latest version of the profile, Version 1.1, incorporates the National Association of Insurance Commissioners Financial Condition Examiners Handbook. It also includes a suite of references for governance and supply chain/dependency management functions in order to better connect those functions to widely used industry standards; an updated user guide and frequently asked questions; a summary of updates and revisions; and mappings to the NIST Cybersecurity Framework and between the NIST CSF and ISO/IEC 27001.
Further revisions and a version 2.0 of the profile are planned for 2021. These updates will include mappings between the profile and the FFIEC Cybersecurity Assessment Tool, the incorporation of the FFIEC IT Handbook for Business Continuity Management and new operational resilience proposals, the addition of a maturity methodology, and a detailed user’s workbook.