Cygilant Blog

What to Know About FFIEC Compliance

Posted by Trevan Marden on May 18, 2018

The Federal Financial Institutions Examination Council (FFIEC) provides cybersecurity standards and auditing for financial institutions and regulatory bodies, including the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).

For covered financial institutions, the council has established a handbook detailing the best practices and requirements in several areas of information security. The handbook provides guidance for risk identification, mitigation, security operations, and measurement. Several of the core requirements involve capabilities to identify and mitigate potential security gaps and incidents using security monitoring, vulnerability management, and patch management solutions. Cygilant helps banks, credit unions, and other financial institutions meet these requirements with our unique security-as-a-service offerings, which combine the people, process, and technology to quickly and affordably improve your organization’s security posture. Here is how Cygilant can help:


Security Monitoring

FFIEC Handbook (II.C.22) states, “Management should use SIEM systems to discern trends and identify potential information security incidents.” SOCVue Security Monitoring meets all of the criteria and capabilities for continuous security monitoring as defined in Section II.C.22 of the FFIEC Handbook. SOCVue delivers continuous information security monitoring capabilities for financial organizations, including both banking and administrative systems. With our 24x7 Global SOC team managing the solution and providing round-the-clock monitoring, alerting, and remediation guidance, you gain the coverage you need without having to build and manage your own SOC.


Vulnerability Management

FFIEC Handbook (Objective 6) states that auditors should look for evidence that credit unions “collect data to build metrics and reporting of vulnerability management.” SOCVue Vulnerability Management meets requirements for continuous detection and reporting on known vulnerabilities. Our Global SOC Team will schedule scans to identify and help prioritize critical vulnerabilities based on risk to your organization to ensure potential security gaps are addressed quickly. Our integrated vulnerability and patch management solution ties together information from both vulnerability and patch scans to provide a single-pane-of-glass view, enabling rapid deployment of patches that address identified vulnerabilities.


Patch Management

FFIEC Handbook (II.C.10(d)) states, “Management should implement automated patch management systems and software to ensure all network components are appropriately updated.” SOCVue Patch Management is consistent with FFIEC’s requirements for implementing patches through a change management process. SOCVue ensures that the financial organization’s systems are fully patched, addressing critical requirements for reducing risk. Patch data is correlated with vulnerability scan data to help prioritize the right patches and provide easy deployment options using an auditable workflow for change management.


Learn more about the FFIEC requirements and how Cygilant can help your organization address them with this free workbook:

Download Your Workbook
