The Federal Financial Institutions Examination Council recently reemphasized the importance of a standardized approach for assessing and improving cybersecurity preparedness.  The FFIEC noted that following a standardized approach will help financial institutions track progress over time and share information with other financial institutions and regulators.

To assess cybersecurity preparedness, the FFIEC pointed out that financial institutions can choose among many standardized tools that are aligned with industry standards and best practices.  The agency avoided endorsing any one tool, but mentioned the following:  

·        The FFIEC Cybersecurity Assessment Tool

·        The National Institute of Standards and Technology Cybersecurity Framework

·        Financial Services Sector Coordinating Council Cybersecurity Profile

·        Center for Internet Security Critical Security Controls

The FFIEC cautioned that these tools do not replace examinations, and that agencies will continue to take a risk-based approach to such examinations.  In addition, as the risks continue to evolve, today’s tools may not cover all necessary aspects of preparedness.  Nevertheless, regulated entities would do well to keep the above list in mind when building out their respective cybersecurity systems.

Garris Horn frequently represents clients in dealing with the FFIEC and its various initiatives, including regarding cybersecurity systems.  For more information on this announcement, or to discuss any related matters, contact Troy Garris directly at 301-461-8952 or troy@garrishorn.com.