Banking Cybersecurity

An Official Pennsylvania Government Website

Translate

DOBS

Department of Banking and Securities

Businesses

Consumers

About Us

Begin Main Content Area

Banking Cybersecurity Resources

Federal Financial Institutions Examination Council (FFIEC)
On June 30, 2015, the FFIEC issued a Cybersecurity Assessment Tool to assist institutions in assessing their level of cybersecurity risk and preparedness. The Department encourages its regulated banking institutions to utilize the assessment tool to ensure that institutions are assessing and addressing cybersecurity risks. Institutions may directly access the cybersecurity resources provided by the FFIEC, including the Cybersecurity Assessment Tool, through the links below:

FFIEC Cybersecurity Awareness Webpage

FFIEC Cybersecurity Assessment General Observations [PDF]

FFIEC Cybersecurity and Resilience Against Attacks Brochure [PDF]

FFIEC Cybersecurity Assessment Tool

The Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve Board have both issued supervisory letters regarding the issuance of the Cybersecurity Assessment Tool. Those documents may be accessed through these links:

Federal Deposit Insurance Corporation Financial Institutions Letter

Federal Reserve Board Supervisory Letter

Conference of State Banking Supervisors (CSBS)

CSBS has also developed a webpage specifically designed for information regarding cybersecurity which can be accessed through the link below.

CSBS Cybersecurity Webpage

CSBS Executive Leadership of Cybersecurity Resource Guide

Cybersecurity guide for bank Chief Executive Officers.

CSBS CATO Webpage

Corporate Account Takeover

Corporate Account Takeovers (CATO) are a method of identity theft where criminals "take over" a business customer's bank account(s) and seek to initiate fraudulent wire and ACH transactions. CSBS has developed a webpage designed to promote awareness of the risks associated with CATO and to provide best practices for institutions.

CATO Best Practices (PDF)

National Credit Union Administration (NCUA)
NCUA recognizes the importance of cybersecurity and using the web safely and securely.

NCUA Cyber Security Resources Webpage

Information Technology Examinations:

FFIEC

The FFIEC Examiner Education Office makes available online an information technology examination resource called the FFIEC InfoBase. The InfoBase contains introductory, reference, and educational training materials on certain information technology topics for field examiners. Contained within the InfoBase are links to Information Technology Handbooks that are updated and maintained electronically. Institutions may find the information contained within these resources helpful when reviewing their information technology policies and procedures.

FFIEC IT Examination Handbook InfoBase

Institutions may also directly access the individual IT Handbooks by topic through the following links:

Audit

Business Continuity Planning

Development and Acquisition

E-Banking

Information Security

Management

Operations

Outsourcing Technology Services

Retail Payment Systems

Supervision of Technology Service Providers (TSP)

Wholesale Payment

Banking Cybersecurity Resources

Content Editor

Resources