Since the FFIEC announced the Cybersecurity Assessment Tool (CAT) sunset, many financial institutions are now asking the question: "Which cybersecurity framework should I use?" If this sounds like you, take this quick quiz to discover which of the four frameworks mentioned in the sunset statement might be a good fit for you!
1. Who is your primary federal regulator?
2. What is your organization's asset size?
3. How would you describe the nature of your technology environment?
4. How would you describe your organization's overall cybersecurity risk?
5. How familiar are you with your organization’s technology environment?
6. How much time are you planning to dedicate to your cybersecurity assessment(s) in the year ahead?
7. How many people will be working on your cybersecurity assessment?
8. How do your stakeholders feel about adopting a new framework?
9. Will any of your vendors (e.g., your MSP, auditors, consultants, or software providers) be involved with the framework implementation or assessment?
10. How do you see your organization growing in the near future?
11. Which of the following would be most valuable to your organization?
12. Which of the following best describes how you approach journeys?
13. When selecting a new technology, which factor is most important to you?
The NIST Cybersecurity Framework (CSF) provides a flexible and scalable approach to improving cybersecurity maturity. The CSF offers a structured yet adaptable set of outcomes focused on foundational security functions. Designed to be straightforward and manageable, the CSF is well-suited for financial institutions seeking an easy-to-implement framework that promotes robust security without straining resources.
The CISA Cybersecurity Performance Goals (CPGs) offer a practical, easy-to-use approach to enhancing cybersecurity. They provide a set of focused and clear security practices that help organizations assess and improve their cybersecurity maturity. With their emphasis on key controls, the CPGs are ideal for financial institutions seeking an accessible, low-complexity framework that promotes continuous improvement.
The CIS Controls offer a technical, structured approach to cybersecurity, providing a set of prioritized safeguards to help protect against the most common cyber threats. These controls are highly actionable, with clear, step-by-step guidance designed to help financial institutions improve their security posture. The CIS Controls are ideal for financial institutions that require a detailed, systematic approach to cybersecurity maturity.
The CRI Profile offers a specialized, in-depth framework for assessing cybersecurity posture through detailed diagnostic statements. Designed with high-compliance environments in mind, the CRI Profile helps financial institutions evaluate and strengthen their cybersecurity maturity. The CRI Profile is ideal for financial institutions seeking a robust, diagnostic approach to strengthen their cybersecurity defenses.
Complete your cybersecurity framework self-assessment in an easy, efficient, and repeatable way.
Easily complete your cybersecurity self-assessments based on frameworks like the NIST Cybersecurity Framework (CSF), CISA Cybersecurity Performance Goals (CPGs), Texas Cybersecurity Framework (TCSF), and more. See the FAQ section for a full list of supported frameworks.
Explore clear and intuitive dashboards that give you a comprehensive snapshot of your cybersecurity assessments. Use the built-in reports to gain key insights into your control status and help ensure everything is on track.
Gain perspective on your assessment results by anonymously comparing them with those of more than 700 other organizations that have completed their cybersecurity self-assessments with Tandem.