FFIEC Compliance

Federal Financial Institutions Examination Council (FFIEC)

With the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) created the Cybersecurity Assessment to help institutions identify their risks and determine their cybersecurity maturity.

The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT Handbook) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry-accepted cybersecurity practices.

The Assessment provides institutions with a repeatable and measurable process to inform management of their institution’s risks and cybersecurity preparedness. The Assessment consists of two parts: Inherent Risk Profile and Cybersecurity Maturity. The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the Assessment is not designed to identify an overall cybersecurity maturity level.

The FFIEC reports focus on controls addressed by five semi-overlapping categories.

SECURITY

  1. Firewalls
  2. Intrusion detection
  3. Multi-factor authentication
  4. Availability
  5. Performance monitoring
  6. Disaster recovery
  7. Incident handling

CONFIDENTIALITY

  1. Encryption
  2. Access controls
  3. Firewalls

PROCESSING INTEGRITY

  1. Quality assurance
  2. Process monitoring

PRIVACY

  1. Access Control
  2. Multi-factor authentication
  3. Encryption

Perform automated FFIEC Assessments for Enterprise Assets and Integrate with Security and Risk Management.

Our Products

IT Cybersecurity Risk Assessments

A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber-attack and then identifies the various risks that could affect those assets.

Policy Management

The regulatory process of assessing third-party vendors, focused on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).

Privacy Management

Cloud and SaaS risk management, along with controls involving security and regulatory compliance, continues to be a major concern.

Risk Management

A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber-attack and then identifies the various risks that could affect those assets.

Third-party Vendor Risk Management

Third-party vendor risk management is the regulatory process of assessing third-party vendors, focused on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).

Cloud and SaaS Compliance

Cloud and SaaS risk management, along with controls involving security and regulatory compliance, continues to be a major concern.

SecurEnds GRC secures your cyber assets

In less than 30 minutes, you can see why customers and MSSPs are choosing our purpose-built SaaS software to achieve assessments for FFIEC.