Newsroom

The Federal Financial Institutions Examination Council on Monday issued a frequently asked questions document to clarify points in its 2015 cybersecurity assessment tool, which reaffirms that use of the tool by financial institutions is voluntary.

The seven-page FAQ document also answers how the cyber tool aligns with the National Institute of Standards and Technology's cybersecurity framework, noting that the framework was used in the development of the assessment tool.

Questions and answers also address how to determine an institution's cybersecurity maturity and risk profile and using the cybersecurity tool in oversight of third-party vendors.

FFIEC said it will not release an automated version of the tool at this time. However, NAFCU member credit unions do have access to a new user-friendly, interactive workbook produced by the association this summer. The workbook takes all the information from the FFIEC document and loads it into a shareable, fillable Excel spreadsheet that is self-tallying; the spreadsheet can then show the credit union's cybersecurity risk assessment and the maturity of its cybersecurity controls.

NCUA examiners have starting using the cybersecurity tool as part of their credit union exams. NAFCU has urged regulators to keep the tool's use voluntary.