Thu, Sep 24, 2015
The FFIEC’s Cybersecurity Assessment Tool incorporates concepts and principles contained in the FFIEC’s Information Technology Examination Handbook, the National Institute of Standards and Technology (NIST) Cybersecurity Framework and industry accepted cybersecurity practices. In fact, the NCUA has stated that examiners will incorporate the FFIEC Assessment into its examinations starting in June 2016.
Credit unions can use the FFIEC’s Assessment Tool and/or NIST’s Cybersecurity Framework; however, since the FFIEC’s Assessment Tool was designed specifically for financial institutions and knowing that the NCUA will be incorporating it into their own examinations, credit unions may prefer to use the FFIEC’s tool.
The FFIEC Assessment is designed to provide a measurable and repeatable process to assess a credit union’s level of cybersecurity risk and preparedness. Credit unions of all sizes can and should use the Assessment. It is intended to complement, not replace, a credit union’s risk management process and cybersecurity program.