Federal Register, Volume 81 Issue 59 (Monday, March 28, 2016)

[Federal Register Volume 81, Number 59 (Monday, March 28, 2016)]
[Notices]
[Pages 17243-17244]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-06949]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Federal Financial Institutions Examination Council Cybersecurity 
Assessment Tool Working Session in the National Institute of Standards 
and Technology Cybersecurity Framework Workshop

AGENCY: Office of the Comptroller of the Currency (``OCC''), Treasury.

ACTION: Notice of public meeting.

-----------------------------------------------------------------------

SUMMARY: The OCC, on behalf of itself, the Board of Governors of the 
Federal Reserve System, Federal Deposit Insurance Corporation, and 
National Credit Union Administration (Agencies), announces a public 
meeting to receive feedback on the Federal Financial Institutions 
Examination Council (FFIEC) Cybersecurity Assessment Tool (Assessment).

DATES: The Agencies will hold a public meeting on the Assessment on 
Thursday, April 7, 2016, beginning at 9:00 a.m. Eastern Daylight Time 
(EDT). The public meeting is a part of the National Institute of 
Standards and Technology (NIST) cybersecurity framework workshop, 
taking place on Wednesday, April 6, and Thursday, April 7, 2016. The 
public meeting on the Assessment will be a separate working session 
(Assessment working session) during the NIST workshop and will be open 
to any individual registered for the NIST workshop. Registrations for 
the NIST workshop will be accepted until March 31, 2016 11:59 p.m. EDT. 
There is no cost for registering for the workshop or attending the 
working session. Attendance at the Assessment working session will be 
on a first-come, first-served basis. The NIST workshop, including the 
Assessment working session, will be Webcast at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm.

ADDRESSES: The Assessment working session will be held on April 7, 2016 
at 9:00 a.m., at the NIST Campus, 100 Bureau Drive, Gaithersburg, 
Maryland 20899. All participants must pre-register at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm.

FOR FURTHER INFORMATION CONTACT: Beth Knickerbocker, Counsel (202) 649-
5490, for persons who are deaf or hard of hearing, TTY, (202) 649-5597, 
Legislative and Regulatory Activities Division, Office of the 
Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail 
Stop 9W-11, Washington, DC 20219.

SUPPLEMENTARY INFORMATION:  The FFIEC, on behalf of its members, 
released the Assessment on June 30, 2015, to help institutions identify 
their cyber risk and assess their cybersecurity preparedness. The 
purpose of the Assessment working session is to obtain substantive 
input from financial institutions and other interested parties on ways 
to improve the Assessment.
    The Agencies are holding the Assessment working session on April 7, 
2016, as a part of the NIST workshop, at the NIST Campus--100 Bureau 
Drive, Gaithersburg, Maryland 20899. The NIST workshop, including the 
Assessment working session, will be Webcast online at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. The in-
person Assessment working session will be open to any individual 
registered for the NIST workshop and attendance will be on a first-
come, first-served basis. There is no cost for registering for the 
workshop or attending the working session. The Assessment working 
session will provide a forum for discussion of all aspects of the 
Assessment and will be an opportunity for interested persons to ask 
questions about the Assessment. Specifically, interested parties are 
encouraged to provide feedback on the Assessment's inherent risk 
profile, cybersecurity maturity, and supplemental materials. The 
Agencies may limit the time available to individuals seeking to provide 
their input, if needed, in order to accommodate the number of people 
desiring to speak.
    All participants in the Assessment working session must pre-
register for the NIST workshop at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm.
    Further details about the NIST workshop, including the Assessment 
working session, are published on the NIST Web site at http://www.nist.gov/itl/acd/cybersecurity-framework-workshop-2016.cfm. The 
agenda for the NIST workshop is posted at http://www.nist.gov/itl/acd/upload/Agenda_Cybersec-2.pdf.

[[Page 17244]]

Additional Background on Assessment

    Cyber threats have evolved and increased exponentially with greater 
sophistication. Cyber attacks on financial institutions may not only 
result in access to, and the compromise of, confidential information, 
but also the destruction of critical data and systems. Disruption, 
degradation, or unauthorized alteration of information and systems can 
affect an institution's operations and core processes and undermine 
confidence in the nation's financial services sector.
    The Agencies, under the auspices of the FFIEC, developed the 
Assessment to assist financial institutions of all sizes in assessing 
their inherent cyber risks and their cybersecurity preparedness. The 
Assessment is intended to allow a financial institution to identify its 
inherent cyber risk profile based on the financial institution's 
technologies and connection types, delivery channels, online/mobile 
products and technology services it offers, organizational 
characteristics, and current threats. Once an institution identifies 
its inherent cyber risk profile, it will then determine its 
cybersecurity maturity levels based on the institution's cyber risk 
management and oversight, threat intelligence and collaboration, 
cybersecurity controls, external dependency management, and cyber 
incident management and resilience. A financial institution can use the 
Assessment to identify opportunities for improving the institution's 
cybersecurity preparedness. Use of the Assessment by financial 
institutions is not mandatory. Additional information on the Assessment 
and supporting materials are available on the FFIEC's Web site at 
http://www.ffiec.gov/cyberassessmenttool.htm.

    Dated: March 23, 2016.
Thomas J. Curry,
Comptroller of the Currency.
[FR Doc. 2016-06949 Filed 3-25-16; 8:45 am]
 BILLING CODE 4810-01-P