Outsourcing booklet
Added examination procedures to address the risks associated with cloud computing.
View ArticleOutsourcing booklet
Added Appendix D, Managed Security Service Providers(MSSP). This appendix, including examination procedures, addresses the unique risks associated with outsourcing IT security functions.
View ArticleInformation Security booklet
Added the FFIEC Supplement to the Authentication in an Internet Banking Environment guidance for all agencies in the Resource section, Appendix C.
View ArticleAudit, BCP, E-Banking, Information Security, Operations, Outsourcing, and...
Revised multiple booklets to address the transition from SAS-70 to the SSAE-16 attestation review process and other third-party review processes.
View ArticleReference Materials
Added the FFIEC Public Cloud Computing Statement. The statement maps cloud computing risks to the various FFIEC IT Handbook booklets.
View ArticleReference Materials - Federal Regulatory Agencies' Administrative Guidelines:...
The Guidelines describe the process the FRS, FDIC, and OCC (agencies) follow to implement the interagency supervisory programs and include the reporting templates examiners use throughout the...
View ArticleSupervision of Technology Service Providers (TSP) booklet
The booklet replaces the March 2003 version and includes the following revisions:Rescinds Supervisory Policy 1, "Interagency EDP Examination, Scheduling, and Distribution Policy", September 1991, and...
View ArticleInformation Technology Examination Handbook InfoBase Enhancements
The Federal Financial Institutions Examination Council (FFIEC) member agencies today announced the addition of a new feature to the Information Technology Examination Handbook InfoBase. This feature...
View ArticleReference Materials
Added FFIEC Joint Statement, End of Microsoft Support for Windows XP Operating System. This statement identifies the risk associated with the continuing use of the XP Operating System.
View ArticleJoint Statement: Cyber-attacks on Financial Institutions’ ATM and Card...
Added FFIEC Joint Statement, Cyber-attacks on Financial Institutions' ATM and Card Authorization Systems. This statement identifies the risk associated with current attack vectors against ATM's and...
View ArticleJoint Statement: Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk...
Added FFIEC Joint Statement, Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources . This statement identifies the risk associated with Distributed Denial of...
View ArticleStrengthening the Resilience of Outsourced Technology Services
The FFIEC members today issued a revised Business Continuity Planning booklet. The update consists of the addition of a new appendix, entitled Strengthening the Resilience of Outsourced Technology...
View ArticleRevised the Management Booklet
Full revision of the Management Booklet; replaces the June 2004 version. Includes revised workprogram.
View ArticleAdded Appendix E: Mobile Financial Services to the Retail Payment Systems...
The update consists of the addition of a new appendix,Appendix E: Mobile Financial Services. Appendix E focuses on the risks associated with MFS and emphasizes an enterprise-wide risk management...
View ArticleRevised the Information Security Booklet
The updates included the removal of redundant management material and a refocus on IT risk management and an update of information security processes. The revision reflects changes in the industry, it...
View ArticleRevised the Business Continuity Planning Booklet and Changed Name to Business...
The FFIEC members updated and renamed the Business Continuity Planning booklet to Business Continuity Management (BCM) to reflect updated information technology risk practices and frameworks. The...
View ArticleRevision of the Operations Booklet and Name Change to Architecture,...
The FFIEC members updated and renamed the Operations booklet to Architecture, Infrastructure, and Operations to incorporate updated information technology (IT) risk practices and frameworks. The...
View Article