FFIEC Solicits Comments on Cybersecurity Assessment Tool

Council Looks to Enhance Quality, Utility and Clarity Information to Be Collected
FFIEC Solicits Comments on Cybersecurity Assessment Tool

The U.S. federal government is soliciting thoughts on the cybersecurity assessment tool used by the Federal Financial Institutions Examination Council.

See Also: The Financial Industry Threat Landscape: Top Threats and Proactive Security Best Practices

The governmental interagency body of all five banking regulators in 2015 introduced the tool as an ostensibly voluntary way for banks and credit unions to self-assess exposure to risk and the maturity of their cybersecurity program. The FFIEC appreciates "the benefits of using a standardized approach to assess and improve cybersecurity preparedness," as an August 2019 statement from the National Credit Union Administration underlined.

Financial services continue to be the target of severe cyberattacks, with data from consultancy Accenture showing the per-company cost of cybercrime reaching more than $18 million for sector companies.

In a notice set for publication by the Office of the Comptroller of the Currency, FFIEC members say they want information that will "enhance the quality, utility, and clarity of the information to be collected." It also asks for ways to minimize the burden of filling out the assessment, as well as whether its estimate of 90 hours on average to complete the assessment is accurate.

One thing the council will not do, the notice says, is report any public information based on analysis of anonymized contents of the assessment tool, despite a suggestion it do so. Members of the council "do not to intend to publish or otherwise make publicly available the results of financial institutions' use of the Assessment."

Only days ago, acting OCC head Michael Hsu urged an audience of Beltway financial executives to embrace multifactor authentication for better secure internal systems (see: OCC's Hsu Urges Multifactor Authentication).

About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.