General Questions
No, there is no cost to download and install the Toolbox. However, in order to use the application, you must meet the minimal software and hardware requirements found within the ACET Quick Install Guide (Opens new window) .
Close and return to topThere is no requirement for a credit union to use the Toolbox or complete the maturity assessment within the Toolbox. However, we encourage the use and implementation of the maturity assessment for a credit union to determine its cyber preparedness level.
Close and return to topNo. While the ACET maturity assessment can be a component of a GLBA risk assessment process, credit unions should still complete a specific risk assessment that addresses the following:
- Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems;
- Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of member information; and
- Assess the sufficiency of policies, procedures, member information systems, and other arrangements in place to control risks.
Examiners may assist a credit union by providing guidance on the use of the ACET maturity assessment and Toolbox. However, the ACET maturity assessment is a self-assessment tool designed to be completed by credit unions.
Close and return to topBy using the ACET maturity assessment, credit unions are able to enhance their oversight and management of the institution’s cybersecurity by doing the following:
- Identifying factors contributing to and determining the institution’s overall cyber risk,
- Assessing the institution’s cybersecurity preparedness,
- Evaluating whether the institution’s cybersecurity preparedness is aligned with its risks, and
- Determining risk management practices and controls that are needed or need enhancement and actions to be taken to achieve the desired state.
By conducting regular assessments, credit unions can be better prepared to make risk-driven security management decisions.
Close and return to topInformation and resources are available for download on the ACET and Other Assessment Tools webpage. The webpage includes a This is an external link to a website belonging to another federal agency, private organization, or commercial entity. video (Opens new window) which provides a walkthrough of the entire process from the start of an assessment to reviewing reports. Additionally, the ACET User Guide (Opens new window) is also available and will walk you through installation, as well as an assessment.
Close and return to topNo. The ACET maturity assessment is a self-assessment and is not an IT examination.
Close and return to topThe ACET application is a stand-alone desktop application. Information is only stored locally.
Close and return to top