NIST CSF 2.0 supersedes CAT for FFIEC cybersecurity compliance. Don't get caught out this August.

The FFIEC is retiring its Cybersecurity Assessment Tool (CAT) by August 31, 2025, and recommends that financial institutions transition to the NIST Cybersecurity Framework 2.0 (CSF 2.0) as an alternative. This shift is driven by the need for more up-to-date and comprehensive cybersecurity frameworks as threats evolve. Time is running out for supervised financial institutions to transition to deploying and assessing cybersecurity according to NIST CSF 2.0.

Why the change?

The FFIEC determined that the CAT, while helpful, wasn't being updated to reflect newer government resources like NIST CSF 2.0 and CISA's (U.S. Department of Homeland Security's Cybersecurity and


NIST’s 5 Steps to initiate and/or integrate NIST Cybersecurity Framework 2.0 at your organization

This video features Allen Keele, a principal and lead instructor at Certified Information Security, who outlines the five steps recommended by NIST to initiate or integrate the NIST Cybersecurity Framework 2.0 into an organization's cybersecurity program. He emphasizes the importance of understanding the organization's current cybersecurity state and NIST CSF 2.0's target goals. 

The video also discusses the maturity scale levels provided by the Cybersecurity and Infrastructure Security Agency (CISA) for assessing conformance, ranging from planned to managed, measured, and defined. Additionally, Keele explains the hierarchical structure of NCSF 2.0, which includes six functions, 22 major project categories, and 106


MYTH: The Board and C-Suite have no role in Cybersecurity

Transcript

Hi, my name is Allen Keele. I'm a Principal with Certified Information Security and today I would like to bust a myth that the Board and C-Suite have no role in cybersecurity, at least that's what I seem to run into an awful lot.

So the reality is that cyber risk is pervasive throughout the enterprise. Wherever Internet technology exists, not just in the server room, meaning that operations, technology, and Internet of Things, any device that we use within our organization that has Internet connectivity in some way is essentially a cyber risk entry point. So expecting that
