FFIEC Urges Standardized Approach to Cybersecurity Preparedness

Regulators emphasize the tools are not examination programs, adding they take a risk-focused approach to exams.

The Federal Financial Institutions Examination Council (FFIEC)—including the NCUA and CFPB—on Wednesday emphasized the benefits of using standardized approaches to evaluate and improve cybersecurity preparedness.

In a joint statement, the financial regulators said that institutions that adopt a standardized approach can track their progress over time and share best practices with other institutions and regulators.

The group said that financial institutions may choose from several standardized tools that meet industry standards and best practices.

Those tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls.

The council said its members do not endorse one tool, but the regulators welcome collaborative approaches to address cybersecurity challenges.

The regulators emphasized that the tools are not examination programs, adding that they take a risk-focused approach to examinations. And they said that as the risks evolve, examiners may address areas not covered by all tools.