Is your institution effectively using the FFIEC Cybersecurity Assessment Tool?

​

The Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (CAT) to help members of the banking industry to identify their real inherent risk levels and determine their current cybersecurity preparedness. The CAT provides a repeatable and measurable process for any financial institution to measure its cybersecurity preparedness.

​

The CAT works by detailing the current state of an organization's inherent risks and looking then at the maturity level of the internal controls that are in place. Banking institutions can use the CAT by conducting a two-part diligent inquiry:

• Establish the existing Inherent Risk Profile: The CAT provides approximately 40 individual inherent risk factors in activities, services, or products to be measured to determine a banking organization’s current level of inherent cybersecurity risk,

• Establish the existing current state of maturity within the Cybersecurity Internal Controls: The maturity level is assessed using over 500 individual assessment factors.

 

Once the diligent inquiry is completed, a banking institution’s management can clearly understand the adequacy of its controls and the gaps that need to be addressed.  

 

The FFIEC developed the CAT with the help of the National Institute of Standards and Technology (NIST). The CAT conforms with all of the current NIST Cybersecurity Standards including NIST 800-53.

 

Improve the protection of your financial organization from cyberthreats. Have a current cybersecurity assessment in place and be working on continuously improving the existing internal control framework’s level of maturity.

 

Professionals are available from The Accountware Group (TAG) to assist in preforming a diligent inquiry to provide an up-to-date Cybersecurity Assessment Report (CAR).