Frequently Asked Questions on the Automated Cybersecurity Evaluation Toolbox

General Questions

Is there a cost to downloading, installing, and using the ACET Toolbox application?

No, there is no cost to download and install the Toolbox. However, in order to use the application, you must meet the minimal software and hardware requirements found within the ACET Quick Install Guide.

Close and return to top

Are credit unions required to complete the ACET maturity assessment?

There is no requirement for a credit union to use the Toolbox or complete the maturity assessment within the Toolbox. However, we encourage the use and implementation of the maturity assessment for a credit union to determine its cyber preparedness level.

Close and return to top

Does the ACET maturity assessment replace the risk assessment process outlined in the Gramm-Leach-Bliley Act (GLBA) Guidelines?

No. While the ACET maturity assessment can be a component of a GLBA risk assessment process, credit unions should still complete a specific risk assessment that addresses the following:

  • Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems;
  • Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of member information; and
  • Assess the sufficiency of policies, procedures, member information systems, and other arrangements in place to control risks.
Close and return to top

Are examiners able to assist credit unions in completing the ACET maturity assessment?

Examiners may assist a credit union by providing guidance on the use of the ACET maturity assessment and Toolbox. However, the ACET maturity assessment is a self-assessment tool designed to be completed by credit unions.

Close and return to top

What value does the ACET maturity assessment module provide to credit unions?

By using the ACET maturity assessment, credit unions are able to enhance their oversight and management of the institution’s cybersecurity by doing the following:

  • Identifying factors contributing to and determining the institution’s overall cyber risk,
  • Assessing the institution’s cybersecurity preparedness,
  • Evaluating whether the institution’s cybersecurity preparedness is aligned with its risks, and
  • Determining risk management practices and controls that are needed or need enhancement and actions to be taken to achieve the desired state.

By conducting regular assessments, credit unions can be better prepared to make risk-driven security management decisions.

Close and return to top

How do I use the ACET maturity assessment within the Toolbox?

Information and resources are available for download on the ACET and Other Assessment Tools webpage. The webpage includes a video which provides a walkthrough of the entire process from the start of an assessment to reviewing reports. Additionally, the ACET User Guide is also available and will walk you through installation, as well as an assessment.

Close and return to top

Is the ACET maturity assessment the IT examination?

No. The ACET maturity assessment is a self-assessment and is not an IT examination.

Close and return to top

Where is information collected from the ACET maturity assessment stored?

The ACET application is a stand-alone desktop application. Information is only stored locally.

Close and return to top
Last modified on
12/15/21