July 05, 2016

NAFCU publishes FFIEC Cybersecurity Assessment Tool Workbook

NAFCU today published a new interactive workbook to help its member credit unions save time and get faster results when using the Federal Financial Institutions Examination Council's Cybersecurity Assessment Tool, which allows credit unions to do self-assessments of their cybersecurity risk management strategies.

The workbook is a fillable, self-tallying version of the council's tool, and it is available only to NAFCU members.

"NAFCU's new, easy-to-use Cybersecurity Assessment Tool Workbook allows credit unions to save hundreds of valuable man-hours through its self-tallying function," said NAFCU Director of Regulatory Compliance Brandy Bruyere. "This tool will help credit union professionals gain an in-depth understanding of whether their institutions' potential risk is affected by their activities, products and services."

As with the FFIEC's Cybersecurity Assessment Tool, users first complete the Inherent Risk Profile to determine their institutions' cybersecurity risk, prior to the implementation of controls. They can proceed to use the second component, the Cybersecurity Maturity Level, to determine their institutions' current state of cybersecurity preparedness. The workbook can be shared across personnel and other departments, and is excellent resource for efficient exam preparation.

NAFCU has urged regulators to keep the tool's use voluntary. NCUA only began including cybersecurity in its exams in 2014, and plans to begin incorporating the tool into its examination process starting this month.

NAFCU also offers other cybersecurity compliance resources, including its Compliance Cyber Cafénewsletter and a collection of Compliance Blog posts on cybersecurity.