Cyber & IT Supervisory Forum - November 2023

Internal Use Only

R ‐ SAT v. 2.0: Questions 1 & 2

NEW: Added example frameworks (was only CIS Controls); corrected names for frameworks; added footnote to FFIEC press release regarding agencies not endorsing a specific framework.

NEW: Added new sub ‐ question to address review of gap analysis by the board, senior management, and, if applicable, the technology committee.

5

Internal Use Only

R ‐ SAT v. 2.0: Question 3

NEW: To encourage more thorough review of cyber insurance policies, added detailed checklist of services commonly offered through cyber insurance policies. Also asks for identification of insurance provider(s).

6