Mapping the Cybersecurity Assessment Tool to the NIST Framework

In 2015, the Federal Financial Institutions Examination Council (FFIEC), an interagency body under the government that includes the five major banking regulators in the United States, issued a Cybersecurity Assessment Tool, or Assessment, for banking institutions.

The tool was released to help banks evaluate their cybersecurity readiness in the face of the ever-present cybersecurity threat climate. With the tool, banks, regulators and examiners will be able to determine the inherent risk profile of any bank and its cybersecurity preparedness. The Assessment comprises two parts: determining the ‘inherent risk profile’ and the ‘cybersecurity maturity’ of a bank.

The tool, however, needs to comply with the guidelines of the Cybersecurity Framework released by the National Institute of Standards and Technology (NIST) in 2014.

For its part, NIST has made the effort to review and provide input on mapping the cybersecurity tool to its framework. The process underlines the complementary nature of the two resources, both of which aim to ensure the accurate assessment of banks' inherent risk profiles and to help provide a complete understanding of a financial institution's cybersecurity infrastructure.

The complete mapping of the FFIEC Cybersecurity Assessment Tool to the NIST Cybersecurity Framework can be seen and downloaded here [PDF].
