The FFIEC Cybersecurity Assessment Tool (CAT), developed by the Federal Financial Institutions Examination Council (FFIEC), is a diagnostic test designed to help financial institutions identify, gauge, and improve on cybersecurity risks.
The CAT consists of two parts:
An inherent risk profile, which identifies an institution’s inherent risk based on factors like size, complexity, and business activities.
Cybersecurity maturity, assessing the current state of cybersecurity preparedness across five domains:
The FFIEC CAT is not a compliance tool that guarantees compliance with specific regulations. It is just a tool that helps assess the risks, and its use is voluntary.