March 31, 2017 by

Mapping the Cybersecurity Assessment Tool to the NIST Framework

In 2015, the Federal Financial Institutions Examination Council (FFIEC), an interagency body under the government that includes the five major banking regulators in the United States, issued a Cybersecurity Assessment Tool, or Assessment, for banking institutions.

The tool was released as a means to help banks evaluate their cybersecurity readiness with the ever-present cybersecurity threat climate. With the tool, banks, regulators and examiners will be able to determine the inherent risk profile of any bank and their cybersecurity preparedness. The Assessment comprises of two parts. Determining the ‘inherent risk profile’ and the ‘cybersecurity maturity’ of a bank.

The tool however, needs to comply with the guidelines of the Cybersecurity Framework released by the National Institute of Standards and Technology (NIST), in 2014.

For its part, the NIST has made the effort to review and provide inputs on mapping the cybersecurity tool to its framework. The process underlines the complementary nature of both the resources, which is to ensure the accurate assessment of the inherent risk profiles of banks and to help provide a complete understanding of the cybersecurity infrastructure of a financial institution.

The complete mapping of the FFIEC Cybersecurity Assessment Tool to the NIST Cybersecurity Framework can be seen and downloaded here [PDF].

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

FFIEC Risk Profile

The growing threat to cybersecurity has prompted the Federal Financial Institutions Examination...

Read more arrow_forward

FFIEC Cybersecurity Assessment Tool Maturity Level

The Cybersecurity Assessment Tool or Assessment has been issued by The Federal Financial...

Read more arrow_forward

US Government Banking Council Releases Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council (FFIEC), a formal government interagency body...

Read more arrow_forward