(Dec. 17, 2021) Self-testing of credit unions’ cybersecurity preparedness through an application released in October costs nothing and can be downloaded via NCUA’s website, the agency said in a letter this week to federally insured credit unions.
The Automated Cybersecurity Evaluation Toolbox (ACET) was created to help credit unions conduct a maturity assessment that aligns with the Federal Financial Information Council’s (FFIEC) Cybersecurity Assessment Tool, NCUA said in letter 21-CU-15, signed by agency board Chairman Todd Harper. It said the toolbox can be used by institutions of all sizes and complexity to determine and measure their information and cybersecurity preparedness against several industry standards and best practices.
The agency said the assessment incorporates cybersecurity standards and practices established for financial institutions: It includes practices found in the FFIEC IT Examination Handbooks, regulatory guidance, and leading industry standards like the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
“While we highly encourage the use and implementation of the maturity assessment for a credit union to determine its information and cybersecurity preparedness level, it is only a self-assessment,” according to the letter. “Credit unions are not required to use the Toolbox or complete the maturity assessment. However, it can provide insight into additional steps a credit union may consider taking to strengthen its overall security posture.”