WASHINGTON -- NCUA and the other Federal Financial Institutions Examination Council regulators have distributed revised guidance for examiners and financial institutions to use in identifying security risks and evaluating controls and applicable risk management practices.
The updated booklet overhauls the 2002 version, addressing advances in technology, risk assessments, mitigation strategies, and regulatory guidance. The risk assessment portion has been expanded to reflect the maturation of that process as it relates to information security. New or revised material covering authentication, monitoring programs, and software trustworthiness is also included. Other topics, including malware, wireless, remote access, and trust services, have been incorporated or revised as well.
"The security of financial institutions' systems and information is essential to maintaining the privacy of customer information and safe and sound operations," the agencies said in a joint release. "The Information Security Booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. The booklet calls for financial institutions and technology service providers (TSPs) to maintain effective security programs tailored to the complexity of their operations."
Electronic versions of the Information Security Booklet and an Executive Summary of all 12 booklets that comprise the FFIEC IT Examination Handbook are available at www.ffiec.gov/guides.htm.