IT Examiner School eBook May 2025
Internal Use Only
CIS Controls
DEVELOPED BY THE CENTER FOR INTERNET SECURITY (CIS), THE CONTROLS OFFER A PRIORITIZED LIST OF CYBERSECURITY BEST PRACTICES.
INCLUDES 18 CRITICAL CONTROLS THAT ARE MAPPED TO SPECIFIC DEFENSIVE ACTIONS.
EMPHASIZES BASIC CYBER HYGIENE, VULNERABILITY MANAGEMENT, AND INCIDENT RESPONSE PREPAREDNESS.
HIGHLY ACTIONABLE AND IDEAL FOR RESOURCE-CONSTRAINED ORGANIZATIONS LOOKING FOR RAPID IMPROVEMENT IN SECURITY POSTURE.
PROVIDES A CLEAR PATH TO COMPLIANCE WITH BOTH REGULATORY REQUIREMENTS AND RISK MANAGEMENT GOALS.
Presenter Round Table
How effective do you think the FFIEC CAT was in evaluating cybersecurity maturity and identifying gaps for financial institutions?
Which of the alternative frameworks—CRI Profile, NIST CSF 2.0, or CIS Controls—do you think best aligns with current regulatory expectations, and why?
What steps should financial institutions be taking right now to prepare for the transition away from the CAT tool?
How should examiners adjust their engagement strategies with institutions during this transition period to ensure continued cybersecurity readiness?