OCC Updates Cybersecurity Resource Guide
On October 6, 2022, the Office of the Comptroller of the Currency (“OCC”) announced that the Federal Financial Institutions Examination Council (“FFIEC”) issued an update to the FFIEC Cybersecurity Resource Guide for Financial Institutions[1] (“Guide”).
The Guide provides a list of voluntary programs and actionable initiatives intended to help financial institutions meet security control objectives and respond to cyber incidents, which includes:
assessment guide resources, such as the FFIEC Cybersecurity Assessment Tool or the National Credit Union Administration Automated Cybersecurity Evaluation Toolbox;
exercise resources, such as the Federal Insurance Deposit Corporation’s Cyber Challenge: A Community Bank Cyber Exercise;
sources for information sharing;
such authorities as the Cybersecurity & Infrastructure Security Agency (CISA) portal to which organizations should, or may be required to, report certain information, including cyber incidents, phishing, malware, or vulnerabilities; and
such tools as the CISA Cyber Security Evaluation Tool (CSET): Ransomware Readiness Assessment (RRA) for assessing an organization’s ransomware response availability.
This updated guide containing the most recent and relevant industry tools effectively rescinds and replaces the 2018 guide and will apply to a wide range of financial institutions, including community banks.
[1] https://www.ffiec.gov/press/pdf/FFIECCybersecurityResourceGuide2022ApprovedRev.pdf