Federal Financial Institutions Examination Council (FFIEC)
The Federal Financial Institutions Examination Council (FFIEC) members are taking a number of initiatives to raise the awareness of financial institutions and their critical third-party service providers with respect to cybersecurity risks and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats.
Financial institutions are increasingly dependent on information technology and telecommunications to deliver services to consumers and business every day. Disruption, degradation, or unauthorized alteration of information and systems that support these services can affect operations, institutions, and their core processes, and undermine confidence in the nation's financial services sector.
In June 2013, the FFIEC announced the creation of the Cybersecurity and Critical Infrastructure Working Group to enhance communication among the FFIEC member agencies and build on existing efforts to strengthen the activities of other interagency and private sector groups. In addition, the FFIEC began assessing and enhancing the state of the industry preparedness and identifying gaps in the regulators' examination procedures and training that can be closed to strengthen the oversight of cybersecurity readiness.
The National Institute of Standards and Technology defines cybersecurity as "the process of protecting information by preventing, detecting, and responding to attacks." As part of cybersecurity, institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks.
In addition to providing a Cybersecurity Assessment Tool, the FFIEC also provides the following resources to help management and directors of financial institutions to understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institutions.
-
FFIEC Cybersecurity Assessment Tool Frequently Asked Questions (PDF)
-
Cybersecurity of Interbank Messaging and Wholesale Payment Networks (PDF)
-
FFIEC Joint Statement on Cyber Attacks Involving Extortion (PDF)
-
FFIEC Cybersecurity Assessment Tool Presentation
-
FFIEC Statement on Destructive Malware (PDF)
-
FFIEC Statement on Compromising Credentials (PDF)
-
FFIEC IT Examination HandBook InfoBase
-
Introduction to the FFIEC’s Cybersecurity Assessment
-
May 7, 2014 - Webinar: Executive Leadership of Cybersecurity: What Today's CEOs Need to Know About the Threats They Don't See.
-
FFIEC Cybersecurity Assessment General Observations (PDF)
-
Cybersecurity Brochure (PDF)
FFIEC Statements and Alerts Regarding Threats and Vulnerabilities:
-
October 6, 2016 The Federal Financial Institutions Examination Council (FFIEC) Announces Webinars in Observance of Cybersecurity Awareness Month
-
June 7, 2016 The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, is issuing this statement, in light of recent cyber attacks, to remind financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks.
-
November 3, 2015 The Federal Financial Institutions Examination Council (FFIEC) today issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion.
-
June 30, 2015 The FFIEC today released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness.
-
March 30, 2015 The FFIEC released information regarding the release of two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software, known as malware.
-
March 17, 2015 The Federal Financial Institutions Examination Council (FFIEC) today provided an overview of its cybersecurity priorities for the remainder of 2015.
-
November 3, 2014 FFIEC Releases Cybersecurity Assessment Observations, Recommends Participation in Financial Services Information Sharing and Analysis Center
-
September 26, 2014 State and Federal Regulators: Financial Institutions Should Move Quickly to Address Shellshock Vulnerability
-
June 24, 2014 FFIEC Launches Cybersecurity Web Page and Commences Cybersecurity Assessment
-
May 7, 2014 FFIEC Promotes Cybersecurity Preparedness for Community Financial Institutions
-
April 10, 2014 Financial Regulators Expect Firms to Address OpenSSL "Heartbleed" Vulnerability
-
April 2, 2014 Financial Regulators Release Statements on Cyber-Attacks on Automated Teller Machine and Card Authorization Systems and Distributed Denial of Service Attacks
-
October 7, 2013 – Press Release: Financial Regulators Release Statement on End of Microsoft Support for Windows XP Operating System
-
October 2, 2013 – Press Release: FFIEC Supports National Cybersecurity Awareness Month
Link: https://www.ffiec.gov/cybersecurity.htm
