On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC),1 on behalf of its members, issued a Cybersecurity Assessment Tool (Assessment) that financial institutions may use to evaluate their risks and cybersecurity preparedness. At the same time, the Office of the Comptroller of the Currency (OCC) announced that examiners will gradually incorporate the Assessment into examinations of national banks, federal savings associations, and federal branches and agencies (collectively, banks) of all sizes. Appendix A of this bulletin contains answers to frequently asked questions (FAQ) that bankers have posed to OCC examiners and policy staff members. Separately, this bulletin includes additional answers to FAQs that the FFIEC recently issued on behalf of its members. The OCC and FFIEC answers are designed to foster further industry and examiner understanding of the Assessment.
Read the full FFIEC FFIEC Cybersecurity Assessment Tool FAQ.