FFIEC 2016 IT Compliance Handbook and Controls

Who is the FFIEC?

The Federal Financial Institutions Examination Council (FFIEC), created in 1979, is a five-member agency of the U.S. government made up of several U.S. financial regulatory agencies. The FFIEC determines consistent principles, standards and report forms for the federal inspection of financial institutions.

FFIEC Compliance

In October 2005, the FFIEC released a set of standards for online banking compliance. To determine whether an institution is in compliance with FFIEC guidelines, comprehensive evaluations of the internal environment must be conducted to identify potential security weaknesses and threats. Based on this determination, goals are set, solutions are implemented, and periodic risk assessments are performed to maintain an adequate level of security. There are eleven areas that financial institutions must pay close attention to in order to maintain compliance. These include:
~ Business Continuity Planning
~ Development and Acquisition
~ Electronic Banking
~ Information Security
~ IT Audit
~ IT Management
~ Operations
~ Outsourcing Technology Services
~ Retail Payment Systems
~ Supervision of Technology Service Providers
~ Wholesale Payment Systems


IT Booklets

In 2016, FFIEC released IT booklets, which act as guides to their IT Examination Toolkits in many industries. These include: Audit, Business Continuity Planning, Development & Acquisition, E-Banking, Information Security, Management, Operations, Outsourcing Technology Services, Retail Payment Systems, Supervision of Technology Service Providers, Wholesale Payment Systems, and other archived booklets. PDFs of these, along with more information, can be found on the FFIEC website.

FFIEC Risk Assessment and Gap Assessment

As part of FFIEC, your organization is required to have a formal risk assessment from a qualified third-party firm. Our comprehensive assessments are designed to help you prepare for your FFIEC audit, and our patented risk management methodology will save your company time and money by creating a customized control framework mapping designed specifically for your organization.

>> Contact us for more information.

FFIEC Penetration Test

NightLion Security provides the advanced penetration testing services for web applications, databases, and internal infrastructure needed to protect your sensitive cardholder data and comply with CSF.

>> Contact us for more information.

Download FFIEC Compliance Handbook in XLS / CSV format
