The Cybersecurity Assessment builds upon key aspects of existing supervisory expectations addressed in the FFIEC IT Handbook and other regulatory guidance and also:
- Assesses the complexity of an institution’s operating environment, including the types of communication connections and payments initiated, as well as how the institution manages its information technology products and services.
- Assesses an institution’s current practices and overall cybersecurity preparedness, with a focus on the following key areas:
- Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience