Supervisory Policy and Guidance Topics
This topic contains guidance regarding the adequacy of financial organizations’ information security systems. Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations. On a broad scale, the financial institution industry has a primary role in protecting the nation’s financial services infrastructure. The security of the industry’s systems and information is essential to its safety and soundness and to the privacy of customer financial information. Individual financial institutions and their service providers must maintain effective security programs adequate for their operational complexity. (FFIEC IT Examination Handbook InfoBase)
Policy LettersInformation Security
FFIEC Information Technology Examination Handbook – Information Security Booklet
Off-site Review of Loan Files
FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors
End of Microsoft Support for Windows XP Operating System
Interagency Examination Procedures for the Identity Theft Red Flags and Other Regulations under the Fair Credit Reporting Act
Revised Policy Governing Access to Confidential Supervisory Information
Questions and Answers Related to Interagency Guidance on Authentication in an Internet Banking Environment
Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
Interagency Guidance on Authentication in an Internet Banking Environment
FFIEC Guidance on the use of Free and Open Source Software
Standards for Safeguarding Customer Information
- Bank Holding Company Supervision Manual
- Section 2124.1, "Assessment of Information Technology in Risk-Focused Supervision"
- Section 2124.4, "Information Security Standards"
- Section 2124.5, "Identity Theft Red Flags and Address Discrepancies"
- Commercial Bank Examination Manual
- Section 4060.1, "Information Technology"
- FFIEC Information Technology Examination Handbook IT Examination Guidance