WASHINGTON– The Federal Financial Institutions Examination Council, of which NCUA is a member, has issued a new booklet it said is designed to help examiners assess information technology practices.
According to the FFIEC, the “Development, Acquisition, and Maintenance” booklet provides examiners with fundamental examination expectations regarding entities’ development and acquisition planning and execution, governance and risk management, and maintenance and change management practices."
‘Interconnectedness’ Discussed
“It discusses the interconnectedness of an entity’s assets and processes and those of its third-party service providers along with information to help examiners assess whether management adequately addresses risks and complies with applicable laws and regulations,” the FFIEC stated. “The booklet reflects the changing technological environment and increasing need for security and resilience. It also highlights the importance of providing examiners with current information regarding safety and soundness, consumer protection, and provision of secure and resilient business services to customers.”
For Additional Info
The new booklet replaces the “Development and Acquisition” booklet issued in April 2004.
The complete FFIEC Information Technology Examination Handbook is available at https://ithandbook.ffiec.gov/.
NCUA: ACET Willl Continue to be Available
NCUA said that while the decision affects the broader financial services industry, the agency said its Automated Cybersecurity Examination Tool (ACET) will continue to be supported and remain available for use by credit unions.
The ACET is available for download at no charge on the NCUA’s website.
“As geopolitical events evolve, credit unions of all sizes must understand and operate under the assumption that they remain targets of not just cybercriminals, but foreign nations that intend to cause harm to critical infrastructure in the United States—of which credit unions are a vital part,” NCUA said. “As such, the NCUA encourages credit unions to use the ACET as a tool for assessing cybersecurity preparedness levels.”
Specifically Tailored
NCUA said ACET has been tailored specifically for credit unions and includes a user-friendly application interface, enhanced reporting features, and supplementary information. The ACET also includes added information and reporting capabilities not found in the FFIEC’s Cybersecurity Assessment Tool.