Watkins Consulting

Compliance • Risk Management • Accounting

  • Home
  • About
    • History
    • Our Staff
    • Corporate Brochure
  • Services
    • Accounting
    • Compliance
    • Risk Management
    • Capabilities
  • News
  • Contact
Home
|
Projects
|
Compliance
|
FFIEC Cybersecurity Assessment Tool
FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool

Watkins Consulting designed an Excel-based workbook to simplify the record keeping of responses and to calculate corresponding scores for the FFIEC Cybersecurity Assessment. We are pleased to offer a free download of this Excel workbook.  Upon downloading and deciding to use this tool, please register it so we can send you update notices. If you need help expanding this assessment into governance or need help with cybersecurity compliance efforts, please contact us at [email protected]

Download Excel Workbook Download User Guide

Additional download information is below.

Background

In June 2015, the Federal Financial Institutions Examination Council (FFIEC) published a Cybersecurity Assessment Tool (CAT) to help financial institutions identify and evaluate their cybersecurity risk awareness and readiness; click here to view their web page describing this tool. The tool consists of an extensive set of questions designed to evaluate the cybersecurity risk of a Financial Institution. In 2017 the FFIEC made some minor adjustments to the tool.

The FFIEC published the CAT to encourage consistent analysis, evaluation, and examination of cybersecurity risks inherent in US Financial Institutions. The Tool leverages industry standards, guidelines and best practices, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF, see our post on this), to help organizations better manage, evaluate, and reduce cybersecurity risk. The FFIEC has added an additional metric to the NIST CSF by considering the maturity cycle of an institution and its products and services, thereby aligning cybersecurity maturity to cyber risk—or, the greater the cyber risk, the greater the need for mature cybersecurity. Watkins has also published a short video containing a background description and a worked example using the CAT; click here to view that post.

The CAT was published in a static PDF format; therefore, in order to assist our clients Watkins has derived an equivalent Excel-based workbook that automates the tracking and scoring of an institution’s maturity levels and risk profile. Upon completion, this workbook will provide a snapshot of a Financial Institution’s cyber readiness and exposure. And, a series of workbooks over time will document cyber risk remediation efforts.

An immediate benefit is that our clients and contacts can download and use the FFIEC CAT Excel workbook. It is our hope that this tool will reduce the level of clerical work involved, allowing you to immediately engage in the important work of effective cybersecurity governance. Watkins is offering this tool for your use free of charge; however, we do recommend that you register your tool so that you can receive version updates as they become available. We recommend that you let us know that you are using the Excel workbook by sending us an email.

The purpose of this tool is to record responses and calculate corresponding scores. Should your institution require further explanation of results or interpretation of the FFIEC Cybersecurity Assessment requirements, please contact us at [email protected] or (888) 230-3032.

Download Information

The Excel file is a macro-free file and uses latest Excel Microsoft Office Open XML Format which does not allow for macros. The file size is 512,098 bytes and the SHA-1 checksum is C0D3A8EBEC36F9070EBEDB0257BC082650AD437B.

  • The Excel file can be downloaded from this link: FFIEC Cyber Assessment Tool.xlsx (version 3.4.2).
  • The user guide can be downloaded from this link: Watkins FFIEC CAT Excel User Guide . Its SHA-1 checksum is 16D9BA809779531865692B7BFD894E7A4F454233.
  • A video containing background information and a worked example: Video review post.

Free Excel Cybersecurity Assessment Tool Change Log

Version (link) Change SHA-1
3.4.2 (link) Unlocked improperly locked input cells C0D3A8EBEC36F9070EBEDB0257BC082650AD437B
3.4.1 Allows for easier cell formatting, corrected typos, correct user guide link 9FDD75D417BF0DEF7DAA56BAED5AE21BD92C599F
3.3.1 (link) Adds Appendix A, table of contents tab, user defined worksheet, warning message for component marked as N/A, cleaned up pivot reports, and a switch to hide registration link 421E68579EB72673E74F87A9BE699A36043D3594
2.1 (link) Updates useful links to point to updated handbook location on the web. 47B15DEE606CF514C5EF5DC9BD100C6F0CB3C706
2.00 (link) Includes for FFIEC 2017 update; broke up Risk Management/Training and Culture/Culture/Evolving declarative statements 703B7EA7AC13CA4D419A0BBEF7C9DBAEAE9BFED2
1.02 (link) Unlocked data input; added maturity heat map 0bc71b7153f6d83b83534a0fcb1054b7e05cafdb
1.01 Initial public release 2430acfd22e04c0e49f568af58642dab809d373f

 29,468 total views,  7 views today

Tags: Banking, cybersecurity, internal controls, regulatory compliance
NIST CSF Comparison Excel Workbook

Services

  • Accounting
  • Compliance
  • Risk Management

Watkins Services BrochureWatkins Services Brochure
Cybersecurity Services BrochureWatkins Cybersecurity Services Brochure

Related

Cybersecurity Compliance

Watkins Consulting can help your firm enhance compliance monitoring and management activities in order to meet Cybersecurity and other compliance goals. With expertise in technical and procedural compliance, we can help your

Cybersecurity Governance

Watkins Consulting can assist your organization with creating an entity-wide program of Cybersecurity Governance. We will combine expertise is the fields of regulatory compliance and risk management in order to develop a

Cybersecurity Risk Assessment

Financial institutions know that regulators are identifying Cybersecurity risk measures as a priority for enforcement, even as more sophisticated Cyber Threats are being deployed by threat actors. These two trends are rapidly

Watkins Contact Information

839 Bestgate Road, Suite 400
Annapolis, MD 21401

Toll Free: (888) 320-2320

E-mail: [email protected]

Keep in touch

  • Linkedin
© 2023 Watkins Consulting Privacy Policy