Enter to open, tab to navigate, enter to select
Federal Financial Institutions Examination Council Updates Information Security Booklet
Practical Law Legal Update w-003-4111 (Approx. 3 pages)
Federal Financial Institutions Examination Council Updates Information Security Booklet
by Practical Law Intellectual Property & Technology
| Published on 12 Sep 2016 • USA (National/Federal) |
The Federal Financial Institutions Examination Council (FFIEC) has updated its Information Security Booklet. The updated booklet describes effective information security policies for banks.
On September 9, 2016, the Federal Financial Institutions Examination Council (FFIEC) updated its Information Security Booklet, which guides federal examiners on how to evaluate the effectiveness of a bank's information security program, including the protection of sensitive information from cyber attacks. The revisions:
- Updated examination procedures that help examiners measure the adequacy of an institution's:
- information security program;
- information governance;
- security culture and operations; and
- assurance processes.
- Streamlined and reordered the booklet's information security concepts.
- Refocused on IT risk management and information security processes.
- Removed redundant management material.
The revised Information Security Booklet aligns with the FFEIC Cybersecurity Assessment Tool and the NIST Cybersecurity Framework. It forms a part of FFIEC's overall Information Technology Examination Handbook InfoBase.
The FFIEC is a formal federal interagency body that can:
- Prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the:
- Board of Governors of the Federal Reserve System (FRB);
- Federal Deposit Insurance Corporation (FDIC);
- National Credit Union Administration (NCUA);
- Office of the Comptroller of the Currency (OCC); and
- Consumer Financial Protection Bureau (CFPB).
- Make recommendations to promote uniformity in the supervision of financial institutions.