Supervisory Policy and Guidance Topics
This topic contains guidance regarding the adequacy of financial organizations' information security systems. Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations. On a broad scale, the financial institution industry has a primary role in protecting the nation's financial services infrastructure. The security of the industry's systems and information is essential to its safety and soundness and to the privacy of customer financial information. Individual financial institutions and their service providers must maintain effective security programs adequate for their operational complexity. (FFIEC IT Examination Handbook InfoBase)
Sections on this page:
- SR 15-9
- FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors
- SR 13-16
- End of Microsoft Support for Windows XP Operating System
- SR 09-2
- FFIEC Guidance Addressing Risk Management of Remote Deposit Capture Activities
- SR 08-7 / CA 08-10
- Interagency Examination Procedures for the Identity Theft Red Flags and Other Regulations under the Fair Credit Reporting Act
- SR 06-14 (Revised)
- Revised Policy Governing Access to Confidential Supervisory Information
- SR 06-13
- Questions and Answers Related to Interagency Guidance on Authentication in an Internet Banking Environment
- SR 05-23
- Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
- SR 05-19
- Interagency Guidance on Authentication in an Internet Banking Environment
- SR 04-17
- FFIEC Guidance on the use of Free and Open Source Software
- SR 04-14
- FFIEC Brochure with Information on Internet "Phishing"
- SR 01-15 (SUP)
- Standards for Safeguarding Customer Information
- FFIEC Statements on Cybersecurity (November 3, 2014)
Bank Holding Company Supervision Manual
- Section 2124.1, "Assessment of Information Technology in Risk-Focused Supervision"
- Section 2124.4, "Information Security Standards"
- Section 2124.5, "Identity Theft Red Flags and Address Discrepancies"
Commercial Bank Examination Manual
- Section 4060.1, "Information Technology"
- FFIEC Information Technology Examination Handbook IT Examination Guidance
Last update: July 7, 2015