FFIEC CAT

What Is the FFIEC Cybersecurity Assessment Tool (CAT)


The FFIEC Cybersecurity Assessment Tool (CAT), developed by the Federal Financial Institutions Examination Council (FFIEC), is a diagnostic test designed to help financial institutions identify, gauge, and improve on cybersecurity risks.

The CAT consists of two parts:

  1. An inherent risk profile, which identifies an institution’s inherent risk based on factors like size, complexity, and business activities.

  2. Cybersecurity maturity, assessing the current state of cybersecurity preparedness across five domains:

    • Governance and Risk Management
    • Data Security
    • Identity and Access Management
    • Security Awareness and Training
    • Incident Response and Resiliency

The FFIEC CAT is not a compliance tool that guarantees compliance with specific regulations. It is just a tool that helps assess the risks, and its use is voluntary.


MergeBase and the FFIECT CAT


MergeBase is not a financial institution, so we have never conducted this assessment, as it is not relevant to our processes and systems.


How Can MergeBase Help You Pass the Assessment?


We can significantly improve your CAT performance with data security, identity, and access management. That’s not all that is required by your company to perform well, but we can ensure you excel in these parts of the test.