The Federal Financial Institutions Examination Council (FFIEC) developed its cybersecurity assessment tool to help financial institutions identify their risks and determine their level of cybersecurity preparedness. To comply, organizations must conform to FFIEC standards for online banking. Compliance success is determined by comprehensively assessing an organization’s IT environment and identifying potential security weaknesses and threats. To maintain an adequate security posture, goals are set, solutions implemented, and periodic risk assessments performed.
An important requirement for FFIEC compliance is multi-factor authentication (MFA). Acceptable MFA includes biometric verification methods such as finger scanning, iris recognition, facial recognition, and voice ID. Smart cards and other electronic devices may also be used together with traditional user IDs and acceptably strong passwords. Financial institutions must encrypt all online transaction processing (OLTP). Encryption levels must be sufficient to prevent unauthorized disclosure within a financial institution’s internal networks and among shared external networks.
The SureShield platform simplifies FFIEC compliance by automating technical controls and guiding you through operational controls. SureShield’s automation will reduce your overall FFIEC compliance cost by up to 90% when compared to traditional, labor-intensive compliance methods. For organizations requiring compliance to multiple frameworks, crosswalk automation drives cost savings up toward 90%.
FFIEC helps member organizations understand and address risk in view of the increasing volume and severity of cyber incidents.
FFIEC developed a tool to construct a quantitative view of an organization’s risk exposure and evaluate strategies to minimize threats.
FFIEC encourages the use of NIST with the more industry-specific CAT for its members, i.e., banks, credit unions, and other financial institutions.
The FFIEC has established regulations highlighting 11 security priorities for financial institution operations. By fully addressing these areas, organizations can put industry best practices in place to operate as a federally supervised financial institution without worrying about incurring fines and other penalties.
The 11 security priorities for financial institution operations are:
The FFIEC Cybersecurity Assessment Tool (CAT) measures the security risk present in an institution and its preparedness to mitigate that risk. FFIEC CAT Inherent Risk Profile measures risk across five categories and Cybersecurity Maturity identifies the institution’s inherent risk before implementing controls. Management first assesses the institution’s inherent risk profile based on five categories.
The FFIEC CAT Cybersecurity Maturity Assessment assigns value to maturity levels in five domains. While management can determine the institution’s maturity level in each domain, the assessment is not designed to identify a composite maturity level.
Activate FFIEC framework
Install scanner for compliance evidence gathering
Review baseline evidence to score compliance control status
Close compliance gaps
Ongoing compliance and gap surveillance
Enforced maintenance of compliance readiness