admin 
To complete the Assessment, management first assesses the institution’s inherent risk profile based on five categories:
- 1
Technologies and Connection Types
- 2
Delivery Channels
- 3
Online/Mobile Products and Technology Services
- 4
Organizational Characteristics
- 5
External Threats
Management then evaluates the institution’s Cybersecurity Maturity level for each of five domains:
- 1
Cyber Risk Management and Oversight
- 2
Threat Intelligence and Collaboration
- 3
Cybersecurity Controls
- 4
External Dependency Management
- 5
Cyber Incident Management and Resilience
Completing the Assessment
The financial institutions includes:
Board of Governors of the Federal Reserve System (FRB)
- 1
State member banks
- 2
Bank holding companies
- 3
Nonbank subsidiaries of bank holding companies
- 4
Savings and loan holding companies
- 5
Edge and agreement corporations
Branches and agencies of foreign banking organizations operating in the United States and their parent banks
Officers, directors, employees, and certain other categories of individuals associated with the above banks, companies, and organizations (referred to as “institution-affiliated parties”)
Federal Deposit Insurance Corporation (FDIC)
Insured State chartered banks that are not members of the Federal Reserve System (State nonmember banks)
Insured branches of foreign banks
Officers, directors, employees, controlling shareholders, agents, and certain other categories of individuals (institution-affiliated parties) associated with such institutions
National Credit Union Administration (NCUA)
Credit unions
Office of the Comptroller of the Currency (OCC)
- 1
National banks and their subsidiaries
- 2
Federally chartered savings associations and their subsidiaries
- 3
Federal Branches and agencies of foreign banks
- 4
Institution-affiliated parties (IAPs), including (a) Officers, directors, and employees, and (b) A bank’s controlling stockholders, agents, and certain other individuals
