IT Examiner School, Seaside, CA
Cybersecurity Assessment Tool
• Used to identify risks and determine level of cybersecurity preparedness.
• Highlights cyber-related elements from:
– Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook
– National Institute of Standards and Technology’s (NIST) Cybersecurity Framework
• Divided into two main parts:
– Inherent risk assessment
– Maturity assessment
[Figure: maturity levels: Innovative, Advanced, Intermediate, Evolving, Baseline]
Cybersecurity Assessment Tool (CAT)
Assessment methodology:
• FFIEC has provided a Cyber Assessment methodology for financial institution use (can be used for other licensees); information at www.FFIEC.gov
• It assists in determining how much cybersecurity effort has been performed by the Licensee
• Based on NIST 800-53 (National Institute of Standards & Technology)
• For 2015, examiners are reviewing to ensure Licensees are at the Assessment “Baseline”
• IT Exam process will be updated in late 2015 re: Cybersecurity reviews for 2016