The Federal Financial Institutions Examination Council (FFIEC) announced it plans on sunsetting its Cybersecurity Assessment Tool (CAT) on Aug. 31, 2025. The CAT has been helping financial institutions identify their risks and determine their cybersecurity preparedness since it was released in June 2015 as a voluntary assessment tool.
The tool addresses fundamental security controls throughout various CAT maturity levels to ensure they are sound, as well as several new and updated government and industry resources financial institutions can leverage to better manage cybersecurity risks, according to an FFIEC press release.
“After much consideration, the FFIEC has determined not to update the CAT to reflect new government resources, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Performance Goals. Supervised financial institutions can instead refer directly to these new government resources,” the release states. “CISA released Cross-Sector Cybersecurity Performance Goals in 2023 and is preparing to release Cybersecurity Performance Goals for the Financial Sector later this year. These resources were developed to help organizations of all sizes and sectors manage and reduce their cybersecurity risk in alignment with a whole-of-government approach to improve security and resilience. The FFIEC will discuss these resources during a banker webinar this Fall.”
More Info