Skip to Content

Mini Menu

Locate a credit union
Toggle Submenu
Find More Info

FFIEC Releases Cybersecurity Assessment Observations, Recommends Participation in Financial Services Information Sharing and Analysis Center


3501 Fairfax Drive, Room B7081a, Arlington, VA 22226-3550 – (703) 516-5588 – FAX (703) 562-6446 – http://www.ffiec.gov

Press Release

November 3, 2014

 

For Immediate Release


 

FFIEC Releases Cybersecurity Assessment Observations, Recommends Participation in
Financial Services Information Sharing and Analysis Center

 
The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released observations from the recent cybersecurity assessment and recommended regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).

During the summer of 2014, FFIEC members piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks.  The assessment supplemented regularly scheduled exams and built upon key supervisory expectations contained within existing FFIEC information technology handbooks and other regulatory guidance.  The “FFIEC Cybersecurity Assessment General Observations,” released today, provides themes from the assessment and suggests questions that chief executive officers and boards of directors may consider when assessing their institutions’ cybersecurity preparedness.

The FFIEC also recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cybersecurity threats and vulnerabilities.  The FS-ISAC is a non-profit, information-sharing forum established by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information.  Rapidly evolving cybersecurity risks reinforce the need for all institutions and their critical technology service providers to have appropriate methods for obtaining, monitoring, sharing, and responding to threat and vulnerability information.  Financial institution management is expected to monitor and maintain sufficient awareness of cybersecurity threats and vulnerability information so that they may evaluate risk and respond accordingly.

Related Links

                                                                                   ###


The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System designated by the Chairman of the Board, the Chairman of the Federal Deposit Insurance Corporation, the Chairman of the Board of the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau, and the Chairman of the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.

Media Contacts
CFPB Sam Gilford (202) 435-7673
FDIC Greg Hernandez (202) 898-6984
FRB Susan Stawick (202) 452-2955
NCUA Ben Hardaway (703) 518-6333
OCC Stephanie Collins (202) 649-6870
SLC Catherine Woody (202) 728-5733

National Credit Union Administration

1775 Duke Street
Alexandria, VA - 22314
www.ncua.gov


Office of Public & Congressional Affairs

(703) 518-6330
pacamail@ncua.gov

"Protecting credit unions and the consumers who own them through effective regulation"

9/20/2018 5:59 PM