NIST Letter of Support
Letter of support for Financial Services Sector Cybersecurity Profile Version 1.0 from Division Chief, Applied Cyber Security Division, NIST.
[The Cyber Profile is] One of the more detailed Cybersecurity Framework-based, sector regulatory harmonization approaches to date.
– National Institute of Standards and Technology, U.S. Department of Commerce (NIST)
'The Federal Financial Institutions Examination Council (FFIEC) members today emphasized the benefits of using a standardized approach to assess and improve cybersecurity preparedness,' and named the Profile along with NIST, CAT, and the CIS 20 (formerly SANS 20) as those standardized assessment approaches.
The [Cyber Profile] is a customization of the NIST Cybersecurity Framework that financial institutions can use for internal and external cyber risk management assessment and as evidence for compliance, encompassing relations between Cyber frameworks, including the Core Standards. Further, the FSSCC’s Cybersecurity Profile tool encompasses all three of the Core Standards of this report, as well as others….
… we'll welcome any financial institution to provide information to us using the structure and taxonomy of the Profile; we see that as a boon for harmonization.
– Board of Governors of the Federal Reserve System
The value is having that common language – a common way of having discussions around otherwise complex topics.
– CISO, Tier 1 Institution Member
The Cyber Profile shows a third party the path and progression from a fin-tech into a mature organization. It tells you what the investment journey is going to look like, giving them a roadmap to do business with the big banks.
– COO, Assessment Organization
Looking after 45 countries, meeting regulatory demands with consistency is incredibly difficult. For the first time, the industry is coming together to solve the problem.
– Executive Director, Cybersecurity, Tier 1 Institution Member