Banking Law Update

A blog from the attorneys of Verrill

Search Blog

Know Your Risks: FFIEC issues FAQs on its Cybersecurity Assessment Tool

by James I. Cohen on October 21, 2016

On October 18, 2016, the Federal Financial Institutions Examination Council published a set of Frequently Asked Questions to help financial institutions utilize the Council’s Cybersecurity Assessment Tool. The FAQs were announced as part of FIL-68-2016.

The Cybersecurity Assessment Tool is a voluntary process designed to help the management of financial institutions measure their cybersecurity risks and their ability to respond to a threat. The Tool was issued in June of 2015.

The FAQs address questions such as:

  • Why did the FFIEC release the Assessment? A. To help institutions develop a “measurable” and “repeatable” mechanism to address the growing cybersecurity threats;
  • How does the Assessment align with the NIST Cybersecurity Framework?A. The Assessment was developed using this framework along with the FFIEC IT Examination Handbook and “industry accepted cybersecurity practices.”
  • Will the FFIEC release an automated version of the Assessment. A. Not at this time.
  • Can the Assessment be used as part of my institutions’ oversight of third parties? A. Yes.
  • Does the FFIEC plan to update the assessment? A. Yes, as threats and risks evolve.

The FAQ’s are available here, and the Assessment Tool is available here.

Topics: Agency Notices and Advisories
James I. Cohen
James I. Cohen
Partner
Tel: (207) 253 4708
Find a Person
ABCDEFGHIJKLMNOPQRSTUVWXYZView All
View All
Key Industries
Building Construction Construction
Energy
Beer Food & Beverage
Health Care
Higher Education
Welding Manufacturing
Computer Chip Technology
Telecommunications
Contact Verrill at (855) 307 0700