Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)

  • Abstract

    This technical note describes the methodology we used and the observations we made while mapping the declarative statements found in the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the practice questions found in the Cyber Resilience Review (CRR). This mapping enables financial organizations to use CRR results not only to gauge their cyber resilience, but to examine their current baseline with respect to the FFIEC CAT and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The mapping in this technical note is proposed by three senior engineers from the CERT Division of the Carnegie Mellon University Software Engineering Institute; these engineers are skilled in conducting CRRs and familiar with all practice questions and question guidance. Two also have the advantage of several years of experience in the financial sector. The team relied on their experience along with previous mappings of the CRR and FFIEC CAT to the NIST CSF to propose the mapping in this technical note.

  • Download

Cite This Report

SEI

Pinckard, Jeffrey; Rattigan, Michael; & Vrtis, Robert. A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR). CMU/SEI-2016-TN-008. Software Engineering Institute, Carnegie Mellon University. 2016. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056

IEEE

Pinckard. Jeffrey, Rattigan. Michael, and Vrtis. Robert, "A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2016-TN-008, 2016. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056

APA

Pinckard, Jeffrey., Rattigan, Michael., & Vrtis, Robert. (2016). A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR) (CMU/SEI-2016-TN-008). Retrieved March 29, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056

CHI

Jeffrey Pinckard, Michael Rattigan, & Robert Vrtis. A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR) (CMU/SEI-2016-TN-008). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2016. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056

MLA

Pinckard, Jeffrey., Rattigan, Michael., & Vrtis, Robert. 2016. A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR) (Technical Report CMU/SEI-2016-TN-008). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056

BibTex

@techreport{PinckardAMapping2016,
title={A Mapping of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) to the Cyber Resilience Review (CRR)},
author={Jeffrey Pinckard and Michael Rattigan and Robert Vrtis},
year={2016},
number={CMU/SEI-2016-TN-008},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=474056} }