FFIEC SaaS Assessment Saves Time

Share Article

Latest CMOM Release Combines FFIEC and NIST Audits

CMOM FFIEC Compliance Console

"Automating the collaboration required to complete a comprehensive assessment significantly reduces the time it takes.” -Charlie Leonard, VP Products, Cybernance

Cybernance has launched a major update of its cybersecurity governance platform to fully automate the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council (FFIEC). FFIEC assessments involve a risk profile assessment and a cybersecurity maturity assessment, and both are supported in the new release.

“We recognized the challenges that financial institutions face in implementing the comprehensive FFIEC guidelines,” said Charlie Leonard, VP Products at Cybernance Corporation. “Automating the collaboration required to complete a comprehensive assessment significantly reduces the time it takes.”

The Federal Financial Investigations and Examinations Council (FFIEC) published guidelines for financial services companies to assess and manage their cyber risk in mid-2015. Two key components are amenable to automated assessment: (1) the inherent risk of an organization, which derives from its size, position in the market, and type of services, and (2) security controls that have been implemented, which are largely based on NIST principles.

The FFIEC Compliance Module is integrated into CMOM (“SEE-mom”), Cybernance’s secure cybergovernance platform hosted on Amazon Web Services. The FFIEC Module collects data across the organization and displays in a console how well aligned the organization is with FFIEC’s five “domains” of cyber risk management.

The FFIEC Module also reveals how internal controls contribute to adherence to the FFIEC guidelines. This comprehensive view helps compliance and audit professionals understand compliance needs and build a roadmap to address the highest priorities. Clicking on a rule reveals details about each control that contributes to compliance, reports its implementation status, and identifies its owner or administrator.

“We will continue to expand the capabilities of the governance platform we created to enable executives to manage cybersecurity and directors to oversee it,” said Cybernance CEO Mike Shultz. “Adding FFIEC support to our support for NIST, HIPAA, and other key benchmarks broadens CMOM’s value to existing customers, and it will enable financial institutions to adopt an emerging standard way to assess compliance.”

For more information, visit http://www.cybernance.com/FFIEC/.

About Cybernance Corporation
Cybernance is an Austin-based company that developed the Cybergovernance Maturity Oversight Model (CMOM), a SaaS governance platform. CMOM protects executives and directors from personal liability for breaches by enabling oversight of cyber risk and active engagement in managing risk mitigation. The company publishes articles regularly in Cybergovernance Journal about the challenges faced by management and boards in steering their organizations toward cyber maturity.

The Cybernance logo is available at

Bob Barker
12600 Hill Country Blvd., Suite R275
Bee Cave, TX 78738
+1 512.329.2643


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Bob Barker
since: 04/2015
Follow >
Visit website