This year, the NCUA will begin using a new tool to help our examiners assess a credit union’s level of cybersecurity preparedness. Called the Automated Cybersecurity Examination Tool, it provides the NCUA with a repeatable, measurable and transparent process that improves and standardizes its supervision related to cybersecurity in all federally insured credit unions.

Developed in 2017, the Automated Cybersecurity Examination Tool mirrors the FFIEC’s Cybersecurity Assessment Tool developed for voluntary use by banks and credit unions. Just like the FFIEC’s Tool, the Automated Cybersecurity Examination Tool consists of two parts: the Inherent Risk Profile and the Cybersecurity Maturity level.

The Inherent Risk Profile in the tool helps determine a credit union’s exposure to risk by identifying the type, volume, and complexity of the institution’s operations. The Cybersecurity Maturity portion of the tool is designed to help measure a credit union’s level of risk and corresponding controls. The levels range from baseline to innovative.

The Cybersecurity Maturity assessment includes statements to determine whether an institution’s behaviors, practices, and processes can support cybersecurity preparedness within the following five domains:
  • Cyber-risk management and oversight
  • Threat intelligence and collaboration
  • Cybersecurity controls
  • External dependency management
  • Cyber-incident management and resilience

Read the full article here.