Cybersecurity ⋆ Department of Savings and Mortgage Lending

The landscape of cybersecurity threats continues to evolve with constant changes in technology. The Department of Savings and Mortgage Lending encourages institutions to take advantage of services and guidance available through trade associations, governmental entities, or private entities. Here are a few links intended to aid your efforts in protecting your community, customers, and institution:

Federal Financial Institutions Examination Council (FFIEC) is the formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB) and to make recommendations to promote uniformity in the supervision of financial institutions.
Financial Services Information Sharing and Analysis Center (FS-ISAC) is an industry consortium dedicated to reducing cyber-risk in the global financial system, serving financial institutions and in turn their customers. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.
National Institute of Standards and Technology (NIST) has the mission of promoting U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Information Systems Audit and Control Association (ISACA) is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy, and governance professionals. ISACA is a global professional association and learning organization in areas of digital trust fields such as information security, governance, assurance, risk, privacy, and quality.
- ISACA developed the COBIT (Control Objectives for Information and Related Technology) framework to help align IT strategy with organizational goals.
National Cyber Security Alliance (NCA) is non-profit organization founded in 2001, promoting cyber security, privacy, education, and awareness. The NCA works with various stakeholders in the government, industry, and civil society. The NCA promotes partnerships between the federal government and corporations operating in technology. NCA’s primary federal partner is the Cyber security and Infrastructure Security Agency within the U.S. Department of Homeland Security.
Conference of State Bank Supervisors (CSBS) supports state regulators in advancing the system of state financial supervision by ensuring safety, soundness, and consumer protection; promoting economic growth; and fostering innovative, responsive supervision.
- CSBS developed the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security.

FDIC Cybersecurity Resources

Financial Institution Letters

FIL Title	Category	Date Issued
FIL-61-2024 - Sunset of FFIEC Cybersecurity Assessment Tool	Supervisory Guidance	9/5/2024
FIL-60-2024 - Updated FFIEC IT Examination Handbook – Development, Acquisition, and Maintenance Booklet	Examination Procedures and Manual Updates	8/29/2024
FIL-19-2024 - Third-Party Risk Management, A Guide for Community Banks	Miscellaneous	5/3/2024
FIL-52-2023 - Information Technology Risk Examination (InTREx) Procedures	Examination Procedures and Manual Updates	9/29/2023
FIL-29-2023 - Interagency Guidance on Third-Party Relationships: Risk Management	Supervisory Guidance	6/6/2023
FIL-50-2022 - Updated FFIEC Cybersecurity Resource Guide for Financial Institutions	Miscellaneous	10/27/2022
FIL-12-2022 - Computer-Security Incident Notification Implementation	Supervisory Guidance/ Miscellaneous	3/29/2022
FIL-64-2021 - FDIC Selects Four Vendors to Participate in a Rapid Phased Prototyping (RPP) Pilot Program	Information Technology/ Cybersecurity	9/9/2021
FIL-57-2021 - FDITECH Launches Tech Sprint to Measure and Test Bank Operational Resiliency	Information Technology/ Cybersecurity	8/16/2021
FIL-55-2021 - Authentication and Access to Financial Institution Services and Systems	Information Technology/ Cybersecurity	8/11/2021
FIL-50-2021 - Proposed Interagency Guidance on Third-Party Relationships: Risk Management	Risk Management	7/13/2021
FIL-47-2021 - Updated FFIEC IT Examination Handbook – Architecture, Infrastructure, and Operations Booklet	IT Technology/ Cybersecurity	6/30/2021
FIL-103-2020 - The FDIC Publishes Sound Practices to Strengthen Operational Resilience	Information Technology/ Cybersecurity	11/2/2020
FIL-52-2020 - FFIEC Joint Statement on Risk Management for Cloud Computing Services	Information Technology/ Cybersecurity	4/30/2020
FIL-3-2020 - Heightened Cybersecurity Risk Considerations	Information Technology/ Cybersecurity	1/16/2020

FDIC Banker Resource Center

Information Technology (IT) and Cybersecurity: Listing frequently asked questions, advisories, statements of policy, and other information issued by the FDIC alone, or on an interagency basis, provided to promote safe-and-sound operations.

Technical Assistance Videos

Cybersecurity Awareness: Video series designed to assist bank directors with understanding cybersecurity risks and related risk management programs, and to elevate cybersecurity discussions from the server room to the board room.
Cyber Challenge – A Community Bank Cyber Exercise: Exercise to encourage discussion of operational risk issues and the potential impact of information technology disruptions on common banking functions.