Financial Institution Letters
October 18, 2016
FFIEC Cybersecurity Assessment Tool
Frequently Asked Questions
The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT).
Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.
- The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness.
- The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time.
- Use of the tool is voluntary. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness.
- The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year.
- Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. Financial institutions may find the latest information about cyber security risk management at the FFIEC Cybersecurity Awareness website.
- FDIC-Supervised Banks (Commercial and Savings)
- Chief Executive Officer
- Chief Information Office
- Chief Information Security Officer
- Donald Saxinger, Chief, IT Supervision, at firstname.lastname@example.org or (703) 254-0214
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2016/.
To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html.
Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).