CUNA staff joined with the Financial Services Information Sharing and Analysis Center (FS-ISAC) Thursday to host a webinar featuring NCUA staff on its new Automated Cybersecurity Examination Tool (ACET). NCUA developed ACET in 2017, piloted it in the third quarter and began ACET examinations in federally insured credit unions with assets above $1 billion in December.
According to NCUA, ACET standardizes the baseline review approach using an industry recognized framework. It also allows the agency to aggregate detailed information on industry practices and risk management.
Tim Segerson, director of Risk Management for NCUA, said examiners were trained with ACET and agency expectations in February.
“We’ve set pretty clear expectations because we want to make sure no one is surprised,” he said. “This isn’t going to be a ‘gotcha’ situation, but an ongoing conversation and collaboration with the industry.”
For the credit union industry, NCUA believes ACET brings;
Going forward through 2018, NCUA plans to continue pilot testing for different sized institutions, particularly smaller credit unions, continue refining the tool itself and the examination approach and will conduct additional industry training and outreach.
Segerson said NCUA is planning on a late 2018 or early 2019 full implementation of ACET.