RSA Archer FFIEC-Aligned Cybersecurity Framework App-Pack

Document created by Christine Tran Employee on Feb 4, 2019Last modified by Susan Read-Miller on May 10, 2019
Version 9Show Document
  • View in full screen mode

RSA Archer Suite Logo


Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, which places national security, the economy, and public safety at risk. To combat these cyber risks, the Federal Financial Institutions Examination Council (FFIEC) developed a risk-based Cybersecurity Framework to provide financial institutions industry standards and best practices to help manage cybersecurity risks. 


RSA Archer FFIEC-Aligned Cybersecurity Framework provides straightforward guidelines for addressing and managing cybersecurity risks. Profile owners can determine their inherent risk levels, prioritize and scope profile elements, and develop plans to achieve their desired or targeted risk and maturity levels for their organization’s cybersecurity program. Assessors can evaluate these profiles against the FFIEC Cybersecurity Assessment Maturity categories to determine the current maturity level and designate a target maturity level. Previous assessments can be archived for comparison with current Profile and measure progress. Reports and dashboards provide clear insight to the cybersecurity current state and progress being made toward the desired cybersecurity state.


With the RSA Archer FFIEC-Aligned Cybersecurity Framework offering, financial institutions can assess and measure their cybersecurity posture, address gaps, and report on cybersecurity posture in a meaningful way that is understood by all stakeholders.


Key Features

  • Create an Inherent Risk Profile identifying inherent risk before implementing controls
  • Risk Assess the operational environment to discern the likelihood of a cybersecurity event and the impact
  • Identify a Target Maturity Level that focuses on the assessment categories that describe the desired cybersecurity outcomes
  • Analyze the Current Maturity Level to the Target Maturity Level to determine gaps
    • Implement an Action Plan to identify which steps to take to remediate the gaps focusing on standards, guidelines, and practices that work best for the organization's needs



    • Offers a common language to communicate requirements and progress among stakeholders (internal, partners, contractors, suppliers)
    • Provides a method to understand larger cybersecurity ecosystem
    • Apply the FFIEC best practices of risk management to improve cybersecurity and resiliency of critical infrastructure



    This offering requires the following use cases including:

    • RSA Archer Issues Management
    • RSA Archer Policy Program Management (optional)
    • The following applications are required and may be found in several use cases. Please see the implementation guide for more details.
      • Business Unit
      • Business Processes
      • Applications
      • Devices
      • Questionnaires
        • Available through existing licensed use cases


      Supported Platform Version

      RSA Archer FFIEC-Aligned Cybersecurity Framework was developed for and validated on RSA Archer Platform release 6.5.


      RSA Archer On-Demand Application (ODA) Licenses

      Three (3) RSA Archer On-Demand licenses and one (1) available Questionnaire from an existing licensed use case are required for RSA Archer FFIEC-Aligned Cybersecurity Framework.


      For More Information

      To learn more about RSA Archer FFIEC-Aligned Cybersecurity Framework:


      For Additional Support

      To learn more about this offering, please contact your Account Rep for additional details. For technical support questions regarding this offering, please open a support case or contact RSA Archer at for more information.



      RSA Archer FFIEC-Aligned Cybersecurity Framework

      Profile Owner Dashboard


      RSA Archer FFIEC-Aligned Cybersecurity Framework

      Assessor Dashboard