The Federal Financial Institutions Examination Council today announced it will sunset the Cybersecurity Assessment Tool for financial institutions on Aug. 31, 2025.
The CAT was released in 2015 as a voluntary assessment tool to help financial institutions identify their risks and determine their cybersecurity preparedness, FFIEC said. While the fundamental security controls addressed in the CAT are sound, “several new and updated government and industry resources are available that financial institutions can leverage to better manage cybersecurity risks.”
Those tools include the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals. “Supervised financial institutions can instead refer directly to these new government resources,” FFIEC said.
