The landscape of cybersecurity threats continues to evolve with constant changes in technology. The Department of Savings and Mortgage Lending encourages institutions to take advantage of services and guidance available through trade associations, governmental entities, or private entities. Here are a few links intended to aid your efforts in protecting your community, customers, and institution:

  • Federal Financial Institutions Examination Council (FFIEC) is the formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB) and to make recommendations to promote uniformity in the supervision of financial institutions.
  • Financial Services Information Sharing and Analysis Center (FS-ISAC) is an industry consortium dedicated to reducing cyber-risk in the global financial system, serving financial institutions and in turn their customers. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.
  • National Institute of Standards and Technology (NIST) has the mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
  • Information Systems Audit and Control Association (ISACA) is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy, and governance professionals. ISACA is a global professional association and learning organization in digital trust fields such as information security, governance, assurance, risk, privacy, and quality.
    • ISACA developed the COBIT (Control Objectives for Information and Related Technology) framework to help align IT strategy with organizational goals.
  • National Cyber Security Alliance (NCA) is a non-profit organization founded in 2001, promoting cyber security, privacy, education, and awareness. The NCA works with various stakeholders in the government, industry, and civil society. The NCA promotes partnerships between the federal government and corporations operating in technology. NCA’s primary federal partner is the Cybersecurity and Infrastructure Security Agency within the U.S. Department of Homeland Security.
  • Conference of State Bank Supervisors (CSBS) supports state regulators in advancing the system of state financial supervision by ensuring safety, soundness, and consumer protection; promoting economic growth; and fostering innovative, responsive supervision.
    • CSBS developed the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security.

FDIC Cybersecurity Resources

Financial Institution Letters

| FIL Title | Category | Date Issued |
|---|---|---|
| FIL-61-2024 - Sunset of FFIEC Cybersecurity Assessment Tool | Supervisory Guidance | 9/5/2024 |
| FIL-60-2024 - Updated FFIEC IT Examination Handbook – Development, Acquisition, and Maintenance Booklet | Examination Procedures and Manual Updates | 8/29/2024 |
| FIL-19-2024 - Third-Party Risk Management, A Guide for Community Banks | Miscellaneous | 5/3/2024 |
| FIL-52-2023 - Information Technology Risk Examination (InTREx) Procedures | Examination Procedures and Manual Updates | 9/29/2023 |
| FIL-29-2023 - Interagency Guidance on Third-Party Relationships: Risk Management | Supervisory Guidance | 6/6/2023 |
| FIL-50-2022 - Updated FFIEC Cybersecurity Resource Guide for Financial Institutions | Miscellaneous | 10/27/2022 |
| FIL-12-2022 - Computer-Security Incident Notification Implementation | Supervisory Guidance/ Miscellaneous | 3/29/2022 |
| FIL-64-2021 - FDIC Selects Four Vendors to Participate in a Rapid Phased Prototyping (RPP) Pilot Program | Information Technology/ Cybersecurity | 9/9/2021 |
| FIL-57-2021 - FDITECH Launches Tech Sprint to Measure and Test Bank Operational Resiliency | Information Technology/ Cybersecurity | 8/16/2021 |
| FIL-55-2021 - Authentication and Access to Financial Institution Services and Systems | Information Technology/ Cybersecurity | 8/11/2021 |
| FIL-50-2021 - Proposed Interagency Guidance on Third-Party Relationships: Risk Management | Risk Management | 7/13/2021 |
| FIL-47-2021 - Updated FFIEC IT Examination Handbook – Architecture, Infrastructure, and Operations Booklet | IT Technology/ Cybersecurity | 6/30/2021 |
| FIL-103-2020 - The FDIC Publishes Sound Practices to Strengthen Operational Resilience | Information Technology/ Cybersecurity | 11/2/2020 |
| FIL-52-2020 - FFIEC Joint Statement on Risk Management for Cloud Computing Services | Information Technology/ Cybersecurity | 4/30/2020 |
| FIL-3-2020 - Heightened Cybersecurity Risk Considerations | Information Technology/ Cybersecurity | 1/16/2020 |

FDIC Banker Resource Center

  • Information Technology (IT) and Cybersecurity:  Listing frequently asked questions, advisories, statements of policy, and other information issued by the FDIC alone, or on an interagency basis, provided to promote safe-and-sound operations.

Technical Assistance Videos

  • Cybersecurity Awareness:  Video series designed to assist bank directors with understanding cybersecurity risks and related risk management programs, and to elevate cybersecurity discussions from the server room to the board room.
  • Cyber Challenge – A Community Bank Cyber Exercise:  Exercise to encourage discussion of operational risk issues and the potential impact of information technology disruptions on common banking functions.