The Federal Financial Institutions Examination Council (FFIEC) is the federal agency responsible for enforcing and regulating financial institutions’ standards and protections. Developed in 1979 and composed of five separate FFIEC member agencies, it acts today as the framework for banking institutions and financial services. Proving compliance with the FFIEC is determined based on an organization’s cybersecurity maturity levels and posture. In 2005 during the introduction of online banking, the FFIEC developed a cybersecurity framework for banking institutions to abide by when handling sensitive banking information online and an FFIEC Cybersecurity Assessment Tool (CAT) for use to standardize compliance efforts and for institutions to identify their risks.
The FFIEC CAT is the primary way of proving compliance with the FFIEC. While this is good for standardization, it does very little to tie into other compliance frameworks financial institutions may need to implement. The CAT allows an organization to run internal assessments for auditing purposes. However, it does not unify that information in an easily accessible way, nor does it present assessment data in a way that can…
