Regulatory Alerts2024-11-22 | SR 24-7SR 24-7: FFIEC Cybersecurity Assessment Tool Sunset Statement
The Federal Reserve issued SR 24-7 to announce that the FFIEC Cybersecurity Assessment Tool will cease updates and be removed from the FFIEC website on August 31, 2025. This sunset occurs because new government and industry resources, such as NIST Cybersecurity Framework 2.0 and CISA Cybersecurity Performance Goals, provide more effective means for financial institutions to manage evolving cybersecurity risks. The Federal Reserve emphasizes that while it does not endorse specific tools, supervised institutions must ensure their chosen self-assessment methods support an effective control environment commensurate with their specific risk profile.
Share