SEATTLE, July 26, 2018 (Newswire.com) –Today, Cloudneeti announced compliance for FFIEC (Federal Financial Institutions Examination Council) compliance for Microsoft Azure workloads. Financial institutions often struggle to interpret FFIEC Cybersecurity guidelines as it pertains to public cloud workloads. They lack the resources to deploy and manage a diverse set of security controls that would enable them to identify risk, respond to threats and demonstrate compliance.FFIEC CAT (Cybersecurity Assessment Tool) was published in 2017, has its foundations built on top of NIST CSF. With this move, customers can more easily manage FFIEC compliant solutions.
“Cloudneeti’s auto-discovery and continuous security and validation engine allow financial institutions to protect assets, infrastructure, and information by strengthening the institution’s defensive posture through continuous and automated monitoring through collaborative efforts across various teams w/I the organization” –Pravin Kulkarni, Director Engineering and Operations, Cloudneeti.
As businesses transform to a more responsive and adaptable IT, organizations need better tools to identify and remediate risks early in development cycles and reduce those risks created by collaborating with various internal teams.
Alan Ross, Financial Services Lead, Microsoft Azure Engineering said, “Cloudneeti was one of our original partners as Microsoft Azure engineering was developing compliant templates for Financial Services customers. Their deep collaboration with customers gives me confidence that they considered the right requirements in developing an FFIEC solution.”
A brief about FFIEC CAT
FFIEC Cybersecurity Assessment Tool consists of two parts: Inherent Risk Profile and Cybersecurity Maturity Profile. The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity Profile includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place.
With a recent release, we have now updated the dashboard as well the policy mapping to reflect a more accurate reflection of the FFIEC Cybersecurity Maturity Domains.
FFIEC Cloudneeti Dashboard
Cloudneeti’s FFIEC CAT dashboard
You would notice above that the Score card is pivoted to FFIEC Cybersecurity Maturity Domains. These includes statements to determine whether your institution’s behaviors, practices, and processes can support cybersecurity preparedness within the following five domains:
Cyber Risk Management and Oversight
Cloudneeti offers automated security assessment and auditing of IT Assets to effectively manage risk and assess the effectiveness of key controls.
Threat Intelligence and Collaboration
Cloudneeti continuous monitoring helps in analyzing threat sources and provides inputs and remediation to resolve the identified threats.
Cloudneeti continuously monitors for threats and vulnerabilities across infrastructure, access management, device and end-point security.
Cyber Incident Management and Resilience – Included in Cloudneeti
Cloudneeti examines and validates implementation of business continuity and disaster recovery readiness to minimize service disruptions and the destruction or corruption of data.
External Dependency Management – Not included in Cloudneeti (Connections, Relationships, Contracts etc. will be outside of the purview of automation product. Please refer your FFIEC Examiner/ Assessor for more details on these.)
Benchmarks help you safeguard systems, software, and networks against today’s evolving cyber threats. FFIEC CAT guidelines are developed by the Financial Services Regulatory body, Cloudneeti’s specific Benchmark and related policies are an interpretation and potential applicability of requirements to public cloud (Microsoft Azure). FFIEC has not published a benchmark specifically for Microsoft Azure. The rules & policies listed here are based on a NIST CSF baseline, our interpretations, interaction with our customers, the FFIEC regulatory council and various security analysts.