FFIEC Compliance
FFIEC Compliance
With the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) created the Cybersecurity Assessment, to help institutions identify their risks and determine their cybersecurity maturity.
The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT Handbook) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry accepted cybersecurity practices.
The Assessment provides institutions with a repeatable and measurable process to inform management of their institution’s risks and cybersecurity preparedness. The Assessment consists of two parts: Inherent Risk Profile and Cybersecurity Maturity. The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the Assessment is not designed to identify an overall cybersecurity maturity level.
Strategic Decisions
1Risk Program:
Implement an enterprise-wide risk assessment and remediation program2Proactive Risk Management:
Early warning metrics and analytics on technology and IT asset risks3Vendor Management:
A vendor risk management (VRM) or third-party risk management (TPRM) program.
Operational Decisions
1Risk Program:
Implement an enterprise-wide risk assessment and remediation program2Proactive Risk Management:
Early warning metrics and analytics on technology and IT asset risks3Vendor Management:
A vendor risk management (VRM) or third-party risk management (TPRM) program.
Tactical Decisions
1Risk Program:
Implement an enterprise-wide risk assessment and remediation program2Proactive Risk Management:
Early warning metrics and analytics on technology and IT asset risks3Vendor Management:
A vendor risk management (VRM) or third-party risk management (TPRM) program.
SecurEnds GRC Secures your Cyber Assets
In less than 30 minutes, you can see why customers and MSSPs are choosing our purpose build SaaS software to achieve assessments for SOC 2