Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

FFIEC Cybersecurity Assessment Tool

Frequently Asked Questions

Summary:

The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT).

Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.

Highlights:

  • The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness.
  • The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time.
  • Use of the tool is voluntary. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness.
  • The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year.
  • Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. Financial institutions may find the latest information about cyber security risk management at the FFIEC Cybersecurity Awareness website .

Suggested Distribution:

  • FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:

  • Chief Executive Officer
  • Chief Information Office
  • Chief Information Security Officer

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

FIL-68-2016
Attachment(s)

Last Updated: October 18, 2016