Meet FFIEC IT Security Requirements for Financial Institutions

How CimTrak Helps With FFIEC Information Security and GLBA Integrity

Meet GLBA and FFIEC Compliance Objectives

WATCH THE INSTANT PREVIEW

ENSURE

Maintain security and confidentiality of customer information through system integrity.

PROTECT

Arm your systems to detect and alert on any unknown or unexpected changes in real-time.

MANAGE

Generate complete audit trails of all detected changes allowing for simple investigation of events as well as reporting for both management and auditors.

CimTrak Helps Financial Institutions Meet Compliance Objectives

With the passage of the Gramm-Leach-Bliley Act (GLBA) in 1999, financial institutions were required to implement policies that protected critical electronic customer information for being accessed, disclosed, or used in an unauthorized manner.

With security management and data breaches making the news on a daily basis, IT security is now more important than ever. Security operations and a detection system have become top of mind for many organizations.

The GLBA “Safeguards Rule” requires financial institutions to achieve three objectives related to data security.

How CimTrak Helps Meet Various requirements Using File Integrity Monitoring (FIM)

Assessing the security and integrity of system and application software including software under development
Firewall and routing configuration controls
Host security to detect and alert to all unauthorized and authorized changes
Support security incident detection via log management and strong audit trails
Securing customer’s financial data in the cloud
Monitoring of custom software applications specific to financial institutions such as banks and credit unions.

FFIEC and InfoSec Requirements

The Federal Financial Institutions Examination Council, more commonly known as the FFIEC, is comprised of representatives from several financial agencies and organizations including the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve System. The FFIEC publishes guidance on how banks and other financial institutions can set about securing their IT assets and comply with the Safeguards Rule. Of particular note is the IT Examination Information Security Handbook published in 2006. It discussed key IT security objectives including how to protect information from a data breach as well as ensuring data integrity.

The Safeguards Rule Objectives

Ensure the security and confidentiality of customer information
Protect against any anticipated threats or hazards to the security or integrity of such information; and
Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.