NJCUL & Redstone Partner on ACET Portal
Officials say the portal is about helping CUs meet regulatory compliance obligations in a more cost-effective way.
The New Jersey Credit Union League has partnered with Huntsville, Ala.-based Redstone Consulting Group on a subscription-based portal aimed at helping credit unions prepare for examinations involving the NCUA’s new Automated Cybersecurity Examination Tool (ACET).
The NCUA developed ACET in 2017 as a way to help examiners evaluate a credit union’s cybersecurity preparedness and to benchmark the industry’s preparedness. The tool helps examiners look at everything from cyberrisk management and oversight to cybersecurity controls, incident management, threat intelligence and more.
ACET has been a hot topic, New Jersey Credit Union League President David Frankil told CU Times.
“We did a couple of one-day cybersecurity symposium and round tables back in August, September timeframe last year and had packed houses. This ACET process came up as a real need for assistance,” he said.
The cloud-based portal that is the foundation of the partnership between Redstone Consulting Group and the New Jersey Credit Union League essentially helps credit unions get organized for ACET-based examinations and build a cybersecurity process. Among other things, it establishes workflows, tracks progress and stores supporting documents. The annual subscription fees tie to the credit union’s asset base and typically run $2,000 per year and up for full functionality and unlimited users, according to a press release.
Credit unions have to scrutinize every part of their cybersecurity today, Frankil said. Having a structured process is helpful, especially for credit unions that aren’t big enough to afford full-time cybersecurity staffers. Many credit unions are using spreadsheets to keep track of all the requirements, he noted.
“This is, I think, a really innovative way to bring economy of scale to that process,” Frankil said of the portal.
“I think it does serve dual purposes,” he added. “Obviously regulatory burden becomes an issue if you layer on regulations on top of each other, on top of each other, and on top of each other, but behind the regulation is, I think, a shared intent to help protect members and their assets.”
“So on one level, the portal is about helping credit unions meet their regulatory compliance obligations in a more cost-effective way,” he added. “But I think on even a more fundamental level it’s helping them to do what they need to be doing anyway, which is to make sure that they are as secure as they can possibly be when it comes to cyber issues.”