Blog

How a ThreatBlockr TIG Automates FFIEC Quarterly Firewall Audits

06.04.2019

1

Federal Financial Institutions Examination Council (FFIEC) compliance relates to how a financial institutions adheres to a set of guidelines and standards designed to protect the data held by financial institutions. FFIEC provides actionable, uniformed, reasonable cybersecurity guidelines for financial services institutions of varying sizes. The FFIEC Cybersecurity Assessment Tool (CAT) is the tool that financial services institutions use to identify their cybersecurity risk level, maturity level, and to prepare for the cybersecurity section of their regular audit exams. FFIEC CAT covers 5 “Domains.”

2

Domain 1: Cyber Risk Management and Oversight
3
Domain 2: Threat Intelligence and Collaboration
4
Domain 3: Cybersecurity Controls
5
Domain 4: External Dependency Management
6
Domain 5: Cyber Incident Management and Resilience

7

FFIEC CAT Quarterly Firewall Audits

8

While the ThreatBlockr Threat Intelligence Gateway helps greatly with Domain 2: Threat Intelligence and Collaboration, the solution also helps financial institutions with Domain 3: Cybersecurity Controls.

9

A quarterly firewall audit falls under Domain 3: “Cybersecurity Controls,” of the FFIEC CAT. Prior to implementing the ThreatBlockr TIG, one financial institution had difficulty with the time and effort required to complete this portion of Domain 3, which, given that the quarterly firewall audit is a “baseline” requirement of Domain 3, would mean the Bank would be non-compliant for Domain 3 of FFIEC CAT.

10

The ThreatBlockr Global Management Center (GMC), an online dashboard that provides a single view of all ThreatBlockr Threat Intelligence Gateways within a physical, virtual, or cloud-based network, offers a variety of reporting features and functions that can assist with FFIEC and other audits. These include summaries on blocked and allowed network connections, the geographical source of attempted connections, and the type of threats being blocked, such as botnets, command and control, proxy/VPN, and other types.

11

After implementing the ThreatBlockr TIG, the financial institution used the reporting and dashboard as a way to:

12

    • 13
    • Audit their firewalls to assist with FFIEC compliance reporting

14

    • Provide data and reports to their Inspectors and their Board

15

    • Gain insight into network activity and threat traffic

16

17

Consequences of FFIEC non-compliance

18

Despite the fact that FFIEC-produced guidelines and recommendations are, officially, not “mandatory,” financial services institutions can still be heavily penalized for non-compliance with these guidelines by the OCC, FRB, FDIC, and OTS, or NCUA (if the institution is a credit union). This is because, if an institution did not follow the guidelines, this could be interpreted as not being compliant with various laws that mandate cybersecurity and data protections, such as the Gramm-Leach-Bliley Act, during their regular exams.

19

Want to learn more about the ThreatBlockr TIG?

20

The ThreatBlockr TIG helps resource-constrained financial institutions with more than cybersecurity and FFIEC compliance reporting. Installing the ThreatBlockr TIG improves security operations by automating time-intensive or manual threat feed management, and democratizes threat intelligence with robust, out-of-the-box threat feeds. Learn more about how ThreatBlockr TIG helps FS-ISAC members automate and block based on FS-ISAC threat feeds here, or try the risk-free 30 day trial here.

21


22

28​‌530 wordsPost settingsPost URLView post automate-ffiec-quarterly-firewall-auditscontent.banduracyber.com/automate-ffiec-quarterly-firewall-audits/Publish date2019-06-0404:12(UTC)TagsExcerptAuthorsFeature this postTemplateDefault