Cybersecurity Assessment Tool Released

The FDIC & FFIEC have released a Cybersecurity Assessment Tool to help financial institutions with less than $1 Billion in total assets identify their cybersecurity risks and determine their preparedness. The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.

The Assessment consists of two parts: Inherent Risk Profile and Cybersecurity Maturity. The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the Assessment is not designed to identify an overall cybersecurity maturity level. To complete the Assessment, management first assesses the institution’s inherent risk profile based on five categories: 1.)Technologies and Connection Types 2.) Delivery Channels 3.) Online/Mobile Products and Technology Services 4.) Organizational Characteristics 5.) External Threats. Management then evaluates the institution’s Cybersecurity Maturity level for each of five domains: 1.) Cyber Risk Management and Oversight 2.) Threat Intelligence and Collaboration 3.) Cybersecurity Controls 4.) External Dependency Management 5.) Cyber Incident Management and Resilience.

Learn More About the Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Presentation View Slides (PDF) | View Video

The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice. FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1.

Contact Us

Have any questions? Send our team an email and we'll get back to you as soon as posible. *Warning: Do not send or include any information in any email generated through this web site if you consider the information confidential or privileged. By submitting information by email or other communication in response to this web site, you agree that the communication does not create a lawyer-client relationship between you and the law firm and its lawyers and that any information submitted is not confidential and is not privileged. You further acknowledge that, unless the law firm subsequently enters into a lawyer-client relationship with you, any information you provide will not be treated as confidential and any such information may be used adversely to you and for the benefit of current or future clients of the law firm.

Start typing and press Enter to search