The tool walks organizations through completing a risk assessment, which involves determining an organization’s inherent risk profile and cybersecurity maturity levels within five domains:
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience
As threats, vulnerabilities and operational environments evolve, FFIEC members plan to update the tool as necessary. To access the tool and related documents, visit ffiec.gov/cyberassessmenttool.htm.