What’s next after the Cybersecurity Assessment Tool Sunset?

September 4, 2024



TLDR: Cybersecurity Assessment Tool Sunset: What Now?

Key Points:

  • FFIEC announced that it will sunset the cybersecurity assessment tool on August 31, 2025.
  • Financial institutions are now advised to pivot to more widely accepted frameworks for assessing cybersecurity posture.

In a recent announcement, the Federal Financial Institutions Examination Council (FFIEC) revealed that it will be sunsetting the cybersecurity assessment tool on August 31, 2025. The tool, released in 2015, required banks to assess their cybersecurity posture and document their cyber risk appetite. However, due to the rapidly evolving nature of cyber risks, the FFIEC has decided not to update the tool and instead recommends that supervised financial institutions refer to new government resources such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Performance Goals.

This shift has significant implications for financial institutions, as they now need to adapt to using new frameworks for assessing their cyber posture. The experts at Forvis Mazars are equipped to help banks navigate this transition and ensure they are effectively managing their cyber risk. Contact our IT Risk & Compliance team for assistance in securing your bank’s future cyber risk needs.

Overall, the sunset of the cybersecurity assessment tool marks a turning point for financial institutions in how they approach cybersecurity assessment. By leveraging new government resources and transitioning to more widely accepted frameworks, banks can better manage and reduce their cybersecurity risks in alignment with evolving industry standards.

