Yesterday, on May 31, 2017, the Federal Financial Institution Examination Council (FFIEC), issued an update to the Cybersecurity Assessment Tool (often recognized as “the CAT” throughout our industry). The update specifically ties and maps the CAT to the updated FFIEC Examination Handbook, focusing on the recently improved Information Security and Management booklets. Additionally, the updates to the assessment tool allow for enhanced response criteria when performing the self-assessment. The CAT now permits responders to enter supplementary or complementary behaviors, or overarching controls. In other words, additional strong practices, processes, and IT general controls that the financial institution has in place to strengthen its security posture can be taken into account when attempting to establish inherent risk and maturity ratings.

About W. Jackson Schultz, CISA
Jackson is a senior auditor with OCD Tech. Currently, Jackson performs IT audit control testing for OCD Tech clients.
You also might be interested in
We promised to write about the tools of our trade.[...]
OCD Tech continues to learn and grow. Most recently we[...]
In the realm of information technology, cybersecurity refers to the[...]