Automated Cybersecurity Evaluation Toolbox
Additional information has been added to the Cybersecurity topic in the Security Channel of InfoSight for the Automated Cybersecurity Evaluation Toolbox (ACET). The NCUA Supervisory Priorities continues to highlight Information Security (cybersecurity) as an examination priority because of the significant and ever-evolving threat cybersecurity presents to the financial system. The NCUA encourages credit unions to conduct cybersecurity self-assessments, which also helps to prepare for an Information Security Examination.
The NCUA's ACET application provides credit unions with the capability to conduct a maturity assessment aligned with the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool. Using the assessment within the toolbox allows credit unions of all sizes to easily determine and measure their own cybersecurity preparedness over time.
The ACET maturity assessment is completely voluntary and does not introduce any new requirements or expectations on credit unions. It is simply a tool that allows credit unions to identify and determine their levels of cybersecurity preparedness.
Using the Toolbox to conduct assessments on a regular basis may help credit unions to:
- Identify areas of risk proactively, before there is a problem.
- Determine the depth and breadth of cyber risk the credit union is exposed to.
- Discover the credit union's preparedness to deal with the cyber threats it may face.
- Make decisions about security processes and programs based on the true nature of risk.
- Use a measurable and repeatable process to assess risk preparedness over time.
- Understand, address, and mitigate cybersecurity risk.
