As part of their contract with the Comptroller of the Currency, AboutWeb developed a Cybersecurity Assessment Tool for Federal Financial Institutions Examination Council (FFIEC). The tool helps financial organizations identify their risks and ascertain their cybersecurity maturity based on the principles of the FFIEC IT Examination Handbook, the National Institute of Standards and Technology (NIST). Cybersecurity Framework, as well as industry accepted cybersecurity practices.
The tool allows organizations to identify their inherent risk based on five categories:
* Technologies and Connection Types
* Delivery Channels
* Online/Mobile Products and Technology Services
* Organizational Characteristics
* External Threats
Then it evaluates the Cyber security Maturity level of the organization in five domains:
* Cyber Risk Management and Oversight
* Threat Intelligence and Collaboration
* Cyber security Controls
* External Dependency Management
* Cyber Incident Management and Resilience
The tool is used by banks and financial institutions to improve their management of cyber risks and improve their cyber security policies, procedures, and controls.