The Federal Financial Institutions Examination
Council (FFIEC) is a Federal interagency body with the authority to
apply uniform standards, principles, and report forms to be used in
federal inspection of banks and other financial institutions. You need
to be aware of the FFIEC IT Audit Handbook if your institution is subject
to inspection by the Board of Governors of the Federal Reserve Bank,
the Federal Deposit Insurance Corporation, the National Credit Union Administration,
the Office of the Comptroller of the Currency, or the Office of Thrift
Supervision. The handbook is used by Federal Bank examiners as a guide
for IT infrastructure audits.
Contact Us
To design a more comprehensive compliance solution for your business,
contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.
Requirements
The FFIEC IT Audit Handbook has identified
audit procedures and requirements which cover the Gramm-Leach-Bliley
Act (GLBA) and most other banking regulations. VeriSign products and
services are available for the following standards listed in the handbook.
| Key FFIEC Standards | Applies To | How VeriSign Helps |
| --- | --- | --- |
| Requires a regular risk assessment. Requires that major infrastructure changes undergo technical and non-technical evaluations. Requires documented policy and procedures. Requires risk assessments to determine appropriate controls for given situations. | Applications, servers, databases, and network devices with non-public personal information (NPI) | Enterprise Consulting Assessments |
| Requires logging of all access to personal information (by a person or user to view, read, write, or delete) | Applications, servers, databases, and network devices with NPI | Log Management Service |
| Requires both the capability to detect potential intrusions and the placement of intrusion detection devices. | All systems storing, transmitting or processing regulated NPI data | Intrusion Detection Management Service (IDS) |
| Requires firewalls as a core component to network security. | Network access to segments that transmit, store or process NPI | Firewall Management Service |
| Requires authentication and access control for access to sensitive information. | Authentication methods, access control methods and the administration of access for networks, operating systems, applications, remote users and systems | Unified Authentication |
| Requires encryption in storage and transmission, and integrity controls. | All systems storing, transmitting or processing regulated NPI data | |
Best Practices
These solutions address industry best practices
that can augment the above required controls.
| Best Practice | Applies To | How VeriSign Helps |
| --- | --- | --- |
| Technical and non-technical evaluation | All systems storing, transmitting or processing regulated NPI data | Vulnerability Management Service |