NCUA Cites Cybersecurity as a 2020 Supervisory Priority

NCUA Cites Cybersecurity as a 2020 Supervisory Priority

NCUA Cites Cybersecurity as a 2020 Supervisory Priority 1732 1154 Andrew Hay

On January 7, 2020 the National Credit Union Administration issued its yearly supervisory priorities and Information Systems and Assurance (Cybersecurity) received some renewed focus. According to the National Association of Federally-Insured Credit Unions (NAFCU) blog post, cybersecurity has also been a supervisory priority for many years and will likely continue to remain so.

NCUA will continue using the Automated Cybersecurity Examination Tool (ACET), which is based on the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT). “Sometime in early 2020”, according to NCUA, “Credit unions will have access to the ACET for conducting self-assessments.” NCUA has been using the ACET for credit unions with over $1 billion in assets since 2018, and last year began using the tool for credit unions with over $250 million in assets.

In 2020, the ACET will be used for credit unions with over $100 million in assets. There have also been rumblings that soon all credit unions, regardless of asset size, will find themselves scoped into the requirement.

Finally, the agency is also piloting new procedures in 2020 to “evaluate critical security controls during examinations between maturity assessments” that are scaled to the credit union’s size and risk profile.

Though the NCUA plans to “increase stakeholder outreach this year to provide education and promote awareness on cybersecurity issues”, Lares knows how overwhelming ACET preparation can be. The credit unions we work with often reach out to Lares to help read between the lines of the ACET requirements, map existing security program gaps, conduct IT Risk Assessments, and even assist in working with the NCUA auditor to help articulate the institution’s readiness and alignment.

Lares can help your credit union validate its security posture through offensive security-focused services such as penetration testing, application security assessments, vulnerability scanning, continuous security monitoring, IT risk assessments, virtual Chief Information Security Officer (CISO) services, and coaching.

If your credit union needs help with its ACET alignment activities in 2020, please do not hesitate to reach out by phone (720) 600-0329, by email, or via our website We look forward to helping your institution achieve its security and compliance goals and help you continue to put member satisfaction above everything else.

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Email Us

©2024 Lares, a Damovo Company | All rights reserved.

Error: Contact form not found.

Error: Contact form not found.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.