Regulators seek FFIEC assessment tool feedback at April 7 workshop

March 29, 2016

WASHINGTON (3/29/16)--Individuals wishing to provide feedback on the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool will have the chance April 7, as part of a National Standards of Institute and Technology (NIST) cybersecurity workshop.

Federal regulators, including the National Credit Union Administration (NCUA), will conduct the meeting, which is scheduled to begin at 9 a.m. (ET).

The FFIEC introduced the assessment tool in June 2015 as a way for financial institutions to gauge their cybersecurity readiness. The FFIEC estimates that credit unions and other financial institutions can complete the assessment in 80 hours, however the Credit Union National Association (CUNA) questioned this estimate in a letter to the council in September.

CUNA will be monitoring the NIST workshop. 

CUNA has also expressed concerns that the NCUA and other regulators are working to include the assessment as part of the examination process. CUNA believes the tool will be most effective if voluntary.

The NCUA has previously outlined how it is training examiners regarding use of the assessment tool.

Along with other members of the Financial Services Sector Coordinating Council, CUNA not only urged the FFIEC to make use of the tool voluntary, but asked that the council treat the current version as an “initial version” not a finalized one.

CUNA would like to see over the next year that the FFIEC member agencies develop a “version 2.0.”

The assessment working session will be held at the NIST Campus in Gaithersburg, Md. All participants must pre-register here