A recent audit report revealed the National Credit Union Administration (NCUA) plans to implement a new Automated Cybersecurity Examination Tool (ACET) to determine the effectiveness of credit union cybersecurity programs.
Conducted by the NCUA’s Office of Inspector General from February 2016 through September 2017, the audit set out to determine the effectiveness of NCUA’s IT examination program to:
Provide oversight to credit unions’ cybersecurity programs
Ensure credit unions are doing enough to protect member information from cyberattacks
As a result of the audit findings, the ACET will have a greater scope than previous NCUA IT exam procedures to more closely mirror the National Institute of Standards and Technology (NIST) cybersecurity framework. It should address all 98 of the voluntary NIST cybersecurity control guidelines and will also include nearly 500 Declarative Statements, which are the NCUA’s control measures for assessing a credit union.
Planned to launch in January 2018, the ACET will be deployed every other year subjecting all federally insured credit unions with assets between $250 million and $10 billion to its review. As more information in made available about the new ACET, Doeren Mayhew’s Information Technology Assurance advisors will keep you up-to-date. In the meantime, if you have questions how this might impact your credit union, contact them today.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
To View this Resource
A quick registration is required to view our resources. You will only be asked to do this one time (unless you don't save your browser cookies).