Federal Financial Institutions Examination Council (FFIEC) compliance relates to how a financial institution adheres to a set of guidelines and standards designed to protect the data held by financial institutions. FFIEC provides actionable, uniform, reasonable cybersecurity guidelines for financial services institutions of varying sizes. The FFIEC Cybersecurity Assessment Tool (CAT) is the tool that financial services institutions use to identify their cybersecurity risk level and maturity level, and to prepare for the cybersecurity section of their regular audit exams. FFIEC CAT covers five “Domains”:
- Domain 1: Cyber Risk Management and Oversight
- Domain 2: Threat Intelligence and Collaboration
- Domain 3: Cybersecurity Controls
- Domain 4: External Dependency Management
- Domain 5: Cyber Incident Management and Resilience
FFIEC CAT Quarterly Firewall Audits
While the Threater Threat Intelligence Gateway (TIG) helps greatly with Domain 2: Threat Intelligence and Collaboration, the solution also helps financial institutions with Domain 3: Cybersecurity Controls.
A quarterly firewall audit falls under Domain 3, “Cybersecurity Controls,” of the FFIEC CAT. Before implementing the Threater TIG, one financial institution struggled with the time and effort required to complete this portion of Domain 3. Because the quarterly firewall audit is a “baseline” requirement of Domain 3, failing to complete it would have left the bank non-compliant with Domain 3 of the FFIEC CAT.
The Threater Global Management Center (GMC), an online dashboard that provides a single view of all Threater Threat Intelligence Gateways within a physical, virtual, or cloud-based network, offers a variety of reporting features and functions that can assist with FFIEC and other audits. These include summaries of blocked and allowed network connections, the geographic source of attempted connections, and the types of threats being blocked, such as botnets, command and control, proxy/VPN, and others.
After implementing the Threater TIG, the financial institution used the reporting and dashboard as a way to:
- Audit their firewalls to assist with FFIEC compliance reporting
- Provide data and reports to their examiners and their board
- Gain insight into network activity and threat traffic
Consequences of FFIEC non-compliance
Although FFIEC-produced guidelines and recommendations are, officially, not “mandatory,” financial services institutions can still be heavily penalized for non-compliance with these guidelines by the OCC, FRB, FDIC, OTS, or NCUA (if the institution is a credit union). This is because, during their regular exams, an institution's failure to follow the guidelines can be interpreted as non-compliance with the various laws that mandate cybersecurity and data protection, such as the Gramm-Leach-Bliley Act.
Want to learn more about the Threater TIG?
The Threater TIG helps resource-constrained financial institutions with more than cybersecurity and FFIEC compliance reporting. Installing the Threater TIG improves security operations by automating time-intensive or manual threat feed management, and democratizes threat intelligence with robust, out-of-the-box threat feeds. Learn more about how the Threater TIG helps FS-ISAC members automate blocking based on FS-ISAC threat feeds here, or try the risk-free 30-day trial here.