FFIEC Updates Cybersecurity Assessment Tool
Yesterday, on May 31, 2017, the Federal Financial Institution Examination Council (FFIEC), issued an update to the Cybersecurity Assessment Tool (often recognized as “the CAT” throughout our industry). The update specifically ties and maps the CAT to the updated FFIEC Examination Handbook, focusing on the recently improved Information Security and Management booklets. Additionally, the updates to the assessment tool allow for enhanced response criteria when performing the self-assessment. The CAT now permits responders to enter supplementary or complementary behaviors, or overarching controls. In other words, additional strong practices, processes, and IT general controls that the financial institution has in place to strengthen its security posture can be taken into account when attempting to establish inherent risk and maturity ratings.