Skip Header
U.S. flag

An official website of the United States government

Directors' Resource Center

Regulatory Guidance: Risk Management Supervision

Cybersecurity and Information Security

FFIEC Cybersecurity Awareness (

FDIC Financial Institution Letters

FDIC Financial Institution Letters
FIL Number Title
FIL-68-2016 FFIEC Cybersecurity Assessment Tool Frequently Asked Questions
FIL-37-2016 FFIEC Joint Statement on Cybersecurity of Interbank Messaging and Wholesale Payment Networks
FIL-28-2015 Cybersecurity Assessment Tool
FIL-13-2015 FFIEC Joint Statements on Destructive Malware and Compromised Credentials
FIL-49-2014 Technology Alert GNU Bourne-Again Shell (Bash) Vulnerability
FIL-16-2014 Technology Alert OpenSSL Heartbleed Vulnerability
FIL-11-2014 Distributed Denial of Service (DDoS) Attacks
FIL-10-2014 ATM and Card Authorization Systems
FIL-56-2010 Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers
FIL-30-2009 Identity Theft Red Flags, Address Discrepancies, And Change of Address Regulations Frequently Asked Questions
FIL-32-2007 FDIC's Supervisory Policy on Identity Theft  
FIL-69-2005 Guidance on the Security Risks of Voice Over Internet Protocol (VoIP)
FIL-66-2005 Guidance on Mitigating Risks From Spyware
FIL-64-2005 Guidance on How Financial Institutions Can Protect Against Pharming Attacks
FIL-59-2005 Study Supplement on "Account-Hijacking" Identity Theft
FIL-27-2005 Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
FIL-121-2004 Guidance on Developing an Effective Computer Software Evaluation Program to Assure Quality and Regulatory Compliance
FIL-114-2004 Risk Management of Free and Open Source Software FFIEC Guidance
FIL-103-2004 Interagency Informational Brochure on Internet Phishing Scams
FIL-84-2004 Guidance on the Risks Associated With Instant Messaging
FIL-62-2004 Guidance on Developing an Effective Computer Virus Protection Program
FIL-27-2004 Guidance on Safeguarding Customers Against E-Mail and Internet-Related Fraudulent Schemes
FIL-43-2003 Guidance on Developing an Effective Software Patch Management Program
FIL-30-2003 Federal Bank and Credit Union Regulatory Agencies Jointly Issue Guidance on the Risks Associated With Weblinking
FIL-8-2002 Wireless Networks And Customer Access
FIL-39-2001 Guidance on Identity Theft and Pretext Calling
FIL-77-2000 Bank Technology Bulletin
Protecting Internet Domain Names
FIL-82-96 Interagency Statement on the Risks to Financial Institutions Involving Client/Server Computer Systems