The Federal Financial Institutions Examination Council (FFIEC) creates and promotes a common set of standards to create uniformity and consistency in the evaluation, management, and governance for financial institutions. FFIEC includes a formal assessment of five domains designed to measure a banking institution’s level of risk and maturity in the management of cybersecurity:
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience
FFIEC is designed to focus on repeatability and consistency during the evaluation and reporting process in a manner such that banking environments can be measured against each other and tracked independently over time.
Continuous Compliance Solution with RiskForesight
Caveonix RiskForesight implements continuous compliance of controls critical to the FFIEC evaluation and reporting maturity effectiveness across infrastructure and applications. RiskForesight performs thousands of checks mapped to FFIEC’s five domains and more than 20 other common security and privacy frameworks such as the NIST Cyber Security Framework, PCI, and NIST 800-53. Caveonix RiskForesight tracks and reports your adherence to FFIEC requirements and determines the impact of vulnerabilities and configuration changes to your secure compliance baseline. RiskForesight detects compliance drift, intelligently analyzes risk, and provides recommendations to bring your applications back into compliance.
Additionally, Caveonix measures against global configuration benchmarking standards and creates audit and compliance packages with detailed audit artifacts attesting to your compliance.