noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

City of Baton Rouge, LA

Proposed Transition Plan for the City of St. George
United States Attorney's Office[...]

Dominican National Charged With Illegal Reentry
United States Attorney's Office[...]

Portland Man Sentenced to 2 ½ Years, Ordered to Pay $32,564 in[...]

Politics and Policy

OCC - Office of Comptroller of Currency

08/29/2024 | Press release | Distributed by Public on 08/29/2024 13:34

Cybersecurity: FFIEC Cybersecurity Assessment Tool Sunset Statement

Summary

The Federal Financial Institutions Examination Council (FFIEC),¹ on behalf of its members, is issuing this statement to communicate that the FFIEC will sunset the Cybersecurity Assessment Tool (CAT)² on August 31, 2025.

Note for Community Bank

This statement applies to all OCC-supervised institutions.

Highlights

This statement

describes that the FFIEC will remove the CAT from the FFIEC website on August 31, 2025.
discusses that the FFIEC plans to host a webinar on new and updated government and industry resources that financial institutions can use to better manage cybersecurity risks. The webinar for bankers is scheduled to be held Monday, October 17, 2024, and will be announced via BankNet.

Background

The CAT was released in June 2015 as a voluntary assessment tool to help financial institutions identify their risks and determine their cybersecurity preparedness. While the fundamental security controls addressed throughout the maturity levels of the CAT are sound, several new and updated government and industry resources are available that financial institutions can leverage to better manage cybersecurity risks.

After much consideration, the FFIEC has determined not to update the CAT to reflect new government resources, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Performance Goals. Supervised financial institutions can instead refer directly to these new government resources. CISA released Cross-Sector Cybersecurity Performance Goals in 2023 and is preparing to release Cybersecurity Performance Goals for the Financial Sector later this year. These resources were developed to help organizations of all sizes and sectors manage and reduce their cybersecurity risk in alignment with a whole-of-government approach to improve security and resilience.

Further Information

Please contact Patrick J. Kelly, Director for Critical Infrastructure Policy, Operational Risk Division, at (202) 649-6550.

Grovetta D. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format