FFIEC Releases Update to Cybersecurity Assessment Tool to Aid Institution Preparedness
On May 31, the Federal Financial Institutions Examination Council (FFIEC) announced the release of an update to the Cybersecurity Assessment Tool (CAT), developed to aid institutions in determining their risk profiles, identifying risks, and determining cybersecurity preparedness. The update details changes made to the FFIEC IT Examination Handbook and provides a revised mapping in Appendix A to the updated Information Security and Management booklets. The press release notes that “[m]anagement of financial institutions and management of third-party service providers are primarily responsible for assessing and mitigating their entities’ cybersecurity risk.” Outlined in Appendix A, the CAT is a framework designed to provide a “repeatable and measurable process” to measure cybersecurity in areas such as cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience. The CAT also provides “additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and processes that represent current practices of the institution in supporting its cybersecurity activity assessment.” Financial institutions can access additional cybersecurity risk management information here.