FFIEC Compliance

What is FFIEC Compliance?

The Federal Financial Institutions Examination Council (FFIEC) provides cybersecurity standards and auditing for financial institutions and the following regulatory agencies:

  • Board of Governors of the Federal Reserve System (FRB)
  • Federal Deposit Insurance Corporation (FDIC)
  • National Credit Union Administration (NCUA)
  • Office of the Comptroller of the Currency (OCC)
  • Consumer Financial Protection Bureau (CFPB)

How Does Cygilant Help?

Cygilant’s SOCVue Security Monitoring service helps financial institutions address FFIEC cybersecurity standards by providing 24x7x365 security monitoring that aligns with the security monitoring section of the FFIEC Handbook.

Cygilant’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address FFIEC Host Security and User Equipment Security requirements.

With the Security Monitoring on-premises deployment option, Cygilant’s SOC team can also proactively assess several additional network security controls, which are based on the SANS/CIS Critical Security Controls, in order to reduce your compliance risk. The security controls are directly mapped to relevant sections of the FFIEC standards.

Our SOC team will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

Relevant Guidance: FFIEC Handbook (II.C.22) states, “Management should use SIEM systems to discern trends and identify potential information security incidents.”
How SOCVue Helps: SOCVue Security Monitoring meets all of the criteria and capabilities for continuous security monitoring as defined in Section II.C.22 of the FFIEC Handbook. SOCVue delivers continuous information security monitoring capabilities for credit unions, including both banking and administrative systems.

Relevant Guidance: FFIEC Handbook (Objective 6) states that auditors should look for evidence that credit unions “collect data to build metrics and reporting of vulnerability management.”
How SOCVue Helps: SOCVue Vulnerability Management meets requirements for continuous detection and reporting on known vulnerabilities.

Relevant Guidance: FFIEC Handbook (II.C.10(d)) states, “Management should implement automated patch management systems and software to ensure all network components are appropriately updated.”
How SOCVue Helps: SOCVue Patch Management is consistent with FFIEC’s requirements for implementing patches through a change management process. SOCVue ensures that credit union systems are fully patched, addressing critical requirements for reducing risk.

*Additional controls auditing is available with on-premises Security Monitoring deployments.

Let's Talk

We save our customers 100s of hours and 1000s of dollars every week, and give them peace of mind with 24x7 detection and response to security incidents and vulnerabilities. Get in touch to learn how we can help your organization be more resilient to cyberattacks and compliance mandates.