Financial Services Sector Cybersecurity Profile

CRI Cybersecurity Profile and Supporting Documents

Download CRI Cybersecurity Profile v1.2 (2021)

An industry-developed cybersecurity profile to enhance and simplify your risk assessment

The banking industry saw a need for a more harmonized approach to cybersecurity that supports strong oversight while conserving talent and resources, and ensuring safety and soundness. The Financial Services Sector Cybersecurity Profile acts as a shared baseline for examination across federal regulators—in a way that makes the most sense for the individual institution.

Tailored to the size and scope of your bank, this new tool delivers meaningful results to help you measure the potential effects of a cyber event at your institution. By using a questionnaire to identify your specific risk and complexity, the assessment offers each institution a focused, customized cybersecurity plan that conserves resources and employee time.

Key Benefits:

developed by the Financial Services Sector Coordinating Council (global, regional, midsize and community banks, along with representatives from other key agencies)
designed to deploy resources more effectively
reduces time spent on reconciling exam issues
integrates widely used standards and supervisory expectations
compliments the NIST cybersecurity framework

Webinars

On December 11, 2019, ABA co-hosted a FSSCC Cybersecurity Profile webinar with the Conference of State Bank Supervisors (CSBS) for state banking regulators, Understanding the FSSCC Cybersecurity Profile: For State Bank Regulators. Denyette DePierro of ABA and Josh Magri of the Bank Policy Institute/BITS were joined by Mary Beth Quist, Senior Vice President, Bank Supervision at CSBS, and Phillip Hinkle, Director of IT Security Examinations at the Texas Department of Banking.

On May 23, 2019 Barth Baily of Fulton Financial and Denyette DePierro of ABA presented on the FSSCC Cybersecurity Profile for Midsize Banks.

On April 18, 2019, Joyce Flinn of First United Bank and Trust and Denyette DePierro of ABA presented on the FSSCC Cybersecurity Profile: A NIST-based Cybersecurity Assessment Approach for Community Banks.

On August 28, 2018, Josh Magri of BPI-BITS, Denyette DePierro of ABA, and Nadya Bartol of BCG-Platinion presented on the development of the Financial Services Sector Cybersecurity Profile.

View Webinar Recording

Maintenance Going Forward

The Financial Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other Profile development stakeholders recognize that future maintenance of the Profile is essential for its ultimate success. Numerous trade associations and financial institutions involved in the Profile’s development are forming a sustained coalition to manage Profile update activities and to educate and engage jurisdictions around the world on its benefits and usage. Interested parties will continue committing resources, such as their own subject matter experts and expertise, full time personnel, and funds for external experts and advisors.

This coalition has also committed to a 2-3-year update cycle to iterate a new, full version similar to the cycles used by other standards bodies, such as the National Institute of Standards and Technology (NIST) and International Standards Organization (ISO) for a full version. The coalition has also committed to more flexible update timeframes to include additional global supervisory expectations as well as any newly issued supervisory expectations. More details will follow in the coming weeks.