Credit union regulator updates cybersecurity tools, with slimmed-down requirements

Updates to a cybersecurity evaluation tool for credit unions was released Tuesday by their federal regulator, the agency said.

The National Credit Union Administration (NCUA) said the update to its Automated Cybersecurity Evaluation Toolbox (ACET) includes security updates and performance improvements. It noted the updated version does not require the use of IIS Express and SQL Server 2012 Express LocalDB, which are no longer supported by the application.

“The ACET is an excellent resource — especially for small credit unions or credit unions with limited resources — to understand cybersecurity preparedness levels,” the agency said in a release.

According to NCUA, ACET provides credit unions the capability to conduct a maturity assessment aligned with the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool. Using the assessment within the toolbox allows institutions of all sizes to easily determine and measure their own cybersecurity preparedness over time, the agency said.

The ACET maturity assessment is voluntary and does not introduce any new requirements or expectations on credit unions, NCUA contends.

ACET and Other Assessment Tools