FFIEC Requirements around Info Sec in a Financial organization

ankurj.hazarika

Team,

Can somebody point me towards a URL where I can find the requirements that FFIEC needs organizations to have in place? I have seen the FFIEC IT handbook but those are guidelines and not requirements, if I am not wrong.

Thanks a bunch in advance.

Ankur

colemic

That's the rub with FFIEC - there are no hard and fast rules or checklists to show what needs to be done. You just need to have the appropriate technology/controls in place, to satisfy the guidelines.

ankurj.hazarika

Thanks.

ankurj.hazarika

You are right, Colemic. I went through the FFIEC IT Handbook and I think Appendix A under Information Security is a valuable tool here in determining the requirements, since that's what Auditors would be looking for.

FFIEC IT Examination Handbook InfoBase - Appendix A: Examination Procedures