Yesterday, on May 31, 2017, the Federal Financial Institution Examination Council (FFIEC), issued an update to the Cybersecurity Assessment Tool (often recognized as “the CAT” throughout our industry). The update specifically ties and maps the CAT to the updated FFIEC Examination Handbook, focusing on the recently improved Information Security and Management booklets. Additionally, the updates to the assessment tool allow for enhanced response criteria when performing the self-assessment. The CAT now permits responders to enter supplementary or complementary behaviors, or overarching controls. In other words, additional strong practices, processes, and IT general controls that the financial institution has in place to strengthen its security posture can be taken into account when attempting to establish inherent risk and maturity ratings.
About W. Jackson Schultz, CISA
Jackson is a senior auditor with OCD Tech. Currently, Jackson performs IT audit control testing for OCD Tech clients.
You also might be interested in
Have you set up a Nessus scanner and wondered why in the credentialed scan settings menu, the password form field has ‘unsafe!’ next to it?
On an external penetration test earlier this year, OCD Tech[...]
What should I do if I suspect my company is[...]