December 06, 2017

NAFCU releases updated FFIEC cybersecurity assessment tool workbook

NAFCU has released an updated version of its interactive workbook to help member credit unions save time and get faster results when using the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool. The updated workbook reflects changes the council made to its tool in June.

The FFIEC's Cybersecurity Assessment Tool allows credit unions to do self-assessments of their cybersecurity risk management strategies. Unlike the FFIEC's tool, NAFCU's workbook is an Excel-based, fillable, self-tallying version of the council's tool that is shareable across an organization. The workbook is available only to NAFCU members; it continues to be one of the most popular downloads on the association's website.

However, due to the popularity of NAFCU's workbook, the association's regulatory compliance team also offers a sample workbook for nonmember credit unions to download and try.

Updates to the council's Cybersecurity Assessment Tool include a revised mapping in Appendix A to the updated Information Security and Management booklets. The assessment will also provide additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and processes that represent current practices of the institution in supporting its cybersecurity activity assessment. These changes have been incorporated into NAFCU's updated workbook, along with other small improvements based on member feedback.

NAFCU offers other cybersecurity compliance resources, including its Compliance Cyber Café newsletter and a collection of Compliance Blog posts on cybersecurity.