NCUA Letter: Automated Cybersecurity Evaluation Toolbox


The National Credit Union Administration (NCUA) issued a letter to federally insured credit unions discussing the Automated Cybersecurity Evaluation Toolbox (Toolbox) application that was released in October in an effort to help credit unions understand their level of cybersecurity preparedness.

The Toolbox, as well as other pertinent information and resources, are available for download on the agency’s ACET and Other Assessment Tools webpage. The webpage includes a video that provides an overview of the entire process, from the start of an assessment to reviewing reports.

The Toolbox is a no-cost, downloadable application developed to be a holistic cybersecurity resource for credit unions. It also provides credit unions with a no-cost method to conduct cybersecurity self-assessments. The Toolbox assists institutions of all sizes and complexity to determine and measure their information and cybersecurity preparedness against several industry standards and best practices. Using the maturity assessment within the Toolbox may assist credit unions in enhancing their cybersecurity oversight and management.

The maturity assessment incorporates cybersecurity standards and practices established for financial institutions. It includes practices found in the Federal Financial Institutions Examination Council IT Examination Handbooks, regulatory guidance, and leading industry standards like the National Institute of Standards and Technology Cybersecurity Framework. The maturity assessment provides a plain-language explanation and references for each of the statements included within the assessment. By conducting regular assessments, credit unions can better prepare to make risk-driven security management decisions.

While the NCUA highly encourages the use and implementation of the maturity assessment for a credit union to determine its information and cybersecurity preparedness level, it is only a self-assessment. Credit unions are not required to use the Toolbox or complete the maturity assessment. However, it can provide insight into additional steps a credit union may consider taking to strengthen its overall security posture.


Pin It