Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

Sunset of FFIEC Cybersecurity Assessment Tool

Summary:

The Federal Financial Institutions Examination Council (FFIEC) issued a statement to communicate the August 31, 2025, sunset of the FFIEC Cybersecurity Assessment Tool (CAT).  The FFIEC will discuss new and updated government and industry resources during a banker webinar this Fall.

Statement of Applicability: The contents of, and material referenced in, this FIL apply to all FDIC-supervised financial institutions.

Highlights:

  • The CAT was released in June 2015 as a voluntary assessment tool to help financial institutions identify their risks and determine their cybersecurity preparedness. 
  • While fundamental security controls addressed throughout the maturity levels of the CAT are sound, several new and updated government and industry resources are available that financial institutions can leverage to better manage cybersecurity risks. 
  • The FFIEC has determined not to update the CAT to reflect new government resources, including the National Institute of Standards and Technology Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals.
  • The FFIEC will remove the CAT from its website on August 31, 2025.
  • FDIC-supervised financial institutions may consider the use of industry-developed resources to assist in self-assessment activities. 
  • These resources were developed to help organizations of all sizes and sectors manage and reduce their cybersecurity risk in alignment with a whole-of-government approach to improve security and resilience.
  • The FFIEC will discuss these resources during a banker webinar this Fall.
FIL-61-2024
Attachment(s)
Related Topics
Information Technology

Last Updated: September 5, 2024