A recent audit report revealed the National Credit Union Administration (NCUA) plans to implement a new Automated Cybersecurity Examination Tool (ACET) to determine the effectiveness of credit union cybersecurity programs.
Conducted by the NCUA’s Office of Inspector General from February 2016 through September 2017, the audit set out to determine the effectiveness of NCUA’s IT examination program to:
Provide oversight to credit unions’ cybersecurity programs
Ensure credit unions are doing enough to protect member information from cyberattacks
As a result of the audit findings, the ACET will have a greater scope than previous NCUA IT exam procedures to more closely mirror the National Institute of Standards and Technology (NIST) cybersecurity framework. It should address all 98 of the voluntary NIST cybersecurity control guidelines and will also include nearly 500 Declarative Statements, which are the NCUA’s control measures for assessing a credit union.
Planned to launch in January 2018, the ACET will be deployed every other year subjecting all federally insured credit unions with assets between $250 million and $10 billion to its review. As more information in made available about the new ACET, Doeren Mayhew’s Information Technology Assurance advisors will keep you up-to-date. In the meantime, if you have questions how this might impact your credit union, contact them today.