FFIEC SaaS Assessment Saves Time

by | Aug 15, 2016

I’ve been meaning to write about automating FFIEC’s Cyber Assessment Tool. Now that we’re launching support for it, it’s time to talk about it.

When we started Cybergovernance Journal, we established a rule to preclude self-promotion and focus solely on voicing opinions on anything and everything related to cybersecurity governance. So far, we’ve kept that promise.

However, for some time, I’ve been meaning to write a post about automating FFIEC’s Cyber Assessment Tool for some time. Now that we’re launching support for it, it’s time to talk about it. I’m going to step outside the box this week, and if it bothers you, feel free to abandon this post. On the other hand, I haven’t seen another solution that integrates NIST, FFIEC, and HIPAA into a single automated assessment, so you may want to read on.

For several months, we’ve been implementing our full FFIEC Compliance Module. It leverages the almost 400 controls measured by our platform in the same way that our HIPAA Compliance Module does. The FFIEC module’s user interface aligns perfectly with the FFIEC tool, enabling auditors to gain a clear understanding of how the organization is doing.

I could go on and on, but it’s already described in the draft press release below that’s being prepared for a Tuesday release. We’d love to hear your comments!


FFIEC SaaS Assessment Saves Time

Latest CMOM Release Combines FFIEC and NIST Audits

AUSTIN, August 16, 2016 – Cybernance has launched a major update of its cybersecurity governance platform to fully automate the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council (FFIEC). FFIEC assessments involve a risk profile assessment and a cybersecurity maturity assessment, and both are supported in the new release.

“We recognized the challenges that financial institutions face in implementing the comprehensive FFIEC guidelines,” said Charlie Leonard, VP Products at Cybernance Corporation. “Automating the collaboration required to complete a comprehensive assessment reduces the time it takes significantly.”

The Federal Financial Investigations and Examinations Council (FFIEC) published guidelines for financial services companies to assess and manage their cyber risk in mid-2015. Two key components are amenable to automated assessment: (1) the inherent risk of an organization, which derives from its size, position in the market, and type of services, and (2) security controls that have been implemented, which are largely based on NIST principles.

The FFIEC Compliance Module is integrated into CMOM (“SEE-mom”), Cybernance’s secure cybergovernance platform hosted on Amazon Web Services. The FFIEC Module collects data across the organization and displays in a console how well aligned the organization is with FFIEC’s five “domains” of cyber risk management.

The FFIEC Module

The FFIEC Module also reveals how internal controls contribute to adherence to the FFIEC guidelines. This comprehensive view helps compliance and audit professionals understand compliance needs and build a roadmap to address the highest priorities. Clicking on a rule reveals details about each control that contributes to compliance, reports its implementation status, and identifies its owner or administrator.

“We will continue to expand the capabilities of the governance platform we created to enable executives to manage cybersecurity and directors to oversee it,” said Cybernance CEO Mike Shultz. “Adding FFIEC support to our support for NIST, HIPAA, and other key benchmarks broadens CMOM’s value to existing customers, and it will enable financial institutions to adopt an emerging standard way to assess compliance.”

For more information, visit www.cybernance.com/FFIEC/.

About Cybernance Corporation
Cybernance is an Austin-based company that developed the Cybergovernance Maturity Oversight Model (CMOM), a SaaS governance platform. CMOM protects executives and directors from personal liability for breaches by enabling oversight of cyber risk and active engagement in managing risk mitigation. The company publishes articles regularly in Cybergovernance Journal about the challenges faced by management and boards in steering their organizations toward cyber maturity.

The Cybernance logo is available at

Bob Barker, Chief Strategy Officer
12600 Hill Country Blvd., Suite R275
Bee Cave, TX 78738
+1 512.329.2643
[email protected]


Be notified of new Journal entries in your email box or Follow us on Twitter.