FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ
Questions from vendor management to mitigating controls covered in the new document.
An article review.
The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at as many of their answers are eye-opening!
Many have wondered how to account for mitigating controls when using the CAT, for example, and the document addresses that by saying that since the CAT is voluntary, organizations may customize it as they see fit–including “identifying various methods for accounting for compensating controls.”
The FAQ also covers vendor management, explaining that as its use is voluntary organizations are free to use the CAT can be used as part of their vendor management program. Finally, the FFIEC promises to provide updated iterations of the tool as time–and threats–progress.
You can check out the FFIEC’s Cybersecurity Assessment Tool FAQ for yourself here.
Leave a comment
Voice assistants can be helpful, but their “always on” functionality can leave you vu Read more
Previously thought to be designed to deliver a DDoS attack, VPNFilter can alter data Read more
Getting a message to the user is one thing, having them see it is another… An article Read more
US Cyber Command joins with the FS-ISAC to share threat intelligence… An article revi Read more