Summary:
The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness.
Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions.
Highlights:
- The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Use of the Cybersecurity Assessment Tool is voluntary.
- The Cybersecurity Assessment Tool provides a way for institution management to assess an institution's inherent risk profile and cybersecurity maturity to inform risk management strategies.
- The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user's guide and instructional presentation, are available on the Cybersecurity Awareness page of the FFIEC.gov website at https://www.ffiec.gov/cybersecurity.htm .
- Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook.
- FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions.
- The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice.
Suggested Distribution:
- FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
FIL-28-2015