Credit union regulator encourages CUs’ use of cybersecurity self-testing app

An application released in October to facilitate credit unions’ self-testing of their cybersecurity preparedness costs nothing and can be downloaded via the agency’s website, the agency said in a letter Wednesday to insured credit unions.

The Automated Cybersecurity Evaluation Toolbox (ACET) was created to help credit unions conduct a maturity assessment that aligns with the Federal Financial Information Council’s (FFIEC) Cybersecurity Assessment Tool, the National Credit Union Administration (NCUA) said in Wednesday’s letter, signed by agency board Chairman Todd Harper. It said the toolbox can be used by institutions of all sizes and complexity to determine and measure their information and cybersecurity preparedness against several industry standards and best practices.

The agency said the assessment incorporates cybersecurity standards and practices established for financial institutions: It includes practices found in the FFIEC IT Examination Handbooks, regulatory guidance, and leading industry standards like the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

“While we highly encourage the use and implementation of the maturity assessment for a credit union to determine its information and cybersecurity preparedness level, it is only a self-assessment,” according to the letter. “Credit unions are not required to use the Toolbox or complete the maturity assessment. However, it can provide insight into additional steps a credit union may consider taking to strengthen its overall security posture.”