July 2, 2015
Cybersecurity Assessment Tool
The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness.
Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions.
- The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Use of the Cybersecurity Assessment Tool is voluntary.
- The Cybersecurity Assessment Tool provides a way for institution management to assess an institution’s inherent risk profile and cybersecurity maturity to inform risk management strategies.
- The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user’s guide and instructional presentation, are available on the Cybersecurity Awareness page of the FFIEC.gov website at https://www.ffiec.gov/cybersecurity.htm.
- Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook.
- FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions.
- The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice.
- FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1