Regulatory Alerts2024-11-20
SR 24-7: FFIEC Cybersecurity Assessment Tool Sunset Statement
The Federal Reserve issued SR 24-7 to announce that the FFIEC Cybersecurity Assessment Tool will be removed from the FFIEC website on August 31, 2025, due to the availability of updated government and industry resources. Supervised financial institutions are advised to leverage newer frameworks, such as NIST Cybersecurity Framework 2.0 and CISA Cybersecurity Performance Goals, to better manage evolving cybersecurity risks. The Federal Reserve maintains that it does not endorse specific self-assessment tools and continues to employ a risk-focused examination approach tailored to each institution's risk profile.
Share