FFIEC 2016 IT Compliance Handbook and Controls
Who is the FFIEC?
The Federal Financial Institutions Examination Council (FFIEC), created in 1979, is a five-member agency of the U.S. government made up of several U.S. financial regulatory agencies. The FFIEC determines consistent principles, standards and report forms for the federal inspection of financial institutions.
In October 2005, the FFIEC released a set of standards for online banking compliance. To determine whether an institution is in compliance with FFIEC guidelines, comprehensive evaluations of the internal environment must be conducted to identify potential security weaknesses and threats. Upon this determination, goals are set, solutions are implemented, and periodic risk assessments are performed in order to maintain an adequate level of security. There are eleven areas that financial institutions must pay close attention to in order to maintain compliance. These include:
~ Business Continuity Planning
~ Development and Acquisition
~ Electronic Banking
~ Information Security
~ IT Audit
~ IT Management
~ Outsourcing Technology Services
~ Retail Payment Systems
~ Supervision of Technology Service Providers
~ Wholesale Payment Systems
In 2016, FFIEC released IT booklets, which act as guides to their IT Examination Toolkits in many industries. These include: Audit, Business Continuity Planning, Development & Acquisition, E-Banking, Information Security, Management, Operations, Outsourcing Technology Services, Retail Payment Systems, Supervision of Technology Service Providers, Wholesale Payment Systems, and other archived booklets. PDFs of these can be found, along with more information, on the FFIEC website.
FFIEC Risk Assessment and Gap Assessment
As part of FFIEC, your organization is required to have a formal risk assessment from a qualified third-party firm. Our comprehensive assessments are designed to help you prepare for your FFIEC audit, and our patented risk management methodology will save your company time and money by creating a customized control framework mapping, designed specifically for your organization.
FFIEC Penetration Test
NightLion Security provides the advanced penetration testing services for web applications, databases, and internal infrastructure needed to protect your sensitive cardholder data and comply with CSF.