WASHINGTON (9/23/15)--Federal Financial Institutions Examination Council (FFIEC) member agencies should clarify and ensure that its Cybersecurity Assessment Tool remains voluntary, reads a joint letter signed by CUNA. CUNA followed up its own comment letter with the joint letter, which it signed along with other members of the Financial Services Sector Coordinating Council (FSSCC).
The National Credit Union Administration, along with other regulators, has indicated that it is preparing examiners to use the tool to assess an institution’s cybersecurity preparedness.
In addition to ensuring the tool remains voluntary, the FSSCC also recommended that the FFIEC treat the version of the Cybersecurity Assessment tool released June 30 as an initial version, not as a finalized tool for use in the formal examination process.
In the letter, the organizations stated they would like to see, over the next 12 to 18 months, the FFIEC member agencies collaborate to develop a “Version 2.0” of the tool. During its development, the entities would use a process similar to that used to develop the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework.
According to the FSSCC, this Version 2.0 would: