(Dec. 17, 2021) Self-testing of credit unions’ cybersecurity preparedness through an application released in October costs nothing and can be downloaded via NCUA’s website, the agency said in a letter this week to federally insured credit unions.
The Automated Cybersecurity Evaluation Toolbox (ACET) was created to help credit unions conduct a maturity assessment that aligns with the Federal Financial Information Council’s (FFIEC) Cybersecurity Assessment Tool, NCUA said in letter 21-CU-15, signed by agency board Chairman Todd Harper. It said the toolbox can be used by institutions of all sizes and complexity to determine and measure their information and cybersecurity preparedness against several industry standards and best practices.
The agency said the assessment incorporates cybersecurity standards and practices established for financial institutions: It includes practices found in the FFIEC IT Examination Handbooks, regulatory guidance, and leading industry standards like the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
“While we highly encourage the use and implementation of the maturity assessment for a credit union to determine its information and cybersecurity preparedness level, it is only a self-assessment,” according to the letter. “Credit unions are not required to use the Toolbox or complete the maturity assessment. However, it can provide insight into additional steps a credit union may consider taking to strengthen its overall security posture.”
LINK:
(Oct. 15, 2021) Describing a new set of tools it has developed to promote digital safety as a “holistic cybersecurity resource” for credit unions, NCUA has scheduled an Oct. 28 webinar on the tool kit, the agency said this week.
The 60-minute webinar will cover the agency’s “Automated Cybersecurity Evaluation Toolbox (ACET),” and features participation by agency Board Chairman Harper. The event is scheduled to get underway at 3 p.m. ET.
According to the agency, the ACET is a downloadable self-contained application, developed for credit unions by the agency, which guides credit unions through the ACET “Maturity Assessment.” NCUA said that component is aligned with the FFIEC’s Cybersecurity Assessment Tool (CAT). The maturity assessment, the agency said, allows credit unions of all sizes to determine and measure their own cybersecurity preparedness over time.
The ACET also contains, NCUA said, several other types of industry recognized cybersecurity best practices and standards, including the “Ransomware Readiness Assessment (RRA)” from the federal government’s Cybersecurity & Infrastructure Security Agency (CISA). According to NCUA, the RRA is a “self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident.”
The webinar will include a question-and-answer session with participants. Registration for the event is now open, NCUA said; there is no fee.
LINK:
Understanding the Automated Cybersecurity Examination Tool (ACET)