The Federal Financial Institutions Examination Council (FFIEC) is a body of the United States government empowered to prescribe principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), Mergers & Acquisitions International Clearing (MAIC), and the Consumer Financial Protection Bureau (CFPB).
Dependencies
The FFIEC compliance reports depend on the following RSA NetWitness Rules.
| Accounts Created Accounts Deleted Accounts Modified Accounts Enabled Admin Access to Compliance Systems Details Admin Access to Compliance Systems Summary Encryption Failures Failed Escalation of Privileges Details | Failed Escalation of Privileges Summary Failed Remote Access Details Failed Remote Access Summary Firewall Configuration Changes Logon Failures Details Logon Failures Summary Password Changes Password Changes Summary | Router Configuration Changes Successful Escalation of Privileges Details Successful Escalation of Privileges Summary Successful Remote Access Details Successful Remote Access Summary User Access Revoked |
Citations
The FFIEC reports have the following Citations.
| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Escalation of Privileges - Detail Escalation of Privileges - Top 25 | Exam Tier I Obj 4.1, Exam Tier II Obj A.1 (Access Rights Administration) | Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls |
| User Access Revoked | Exam Tier I Obj 4.1, Exam Tier II Obj A.1 (Access Rights Administration) | Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls |
| Logon Failures - Detail | Exam Tier II Obj A.7(Authentication),Exam Tier II Obj B.7 | Evaluate Authentication and Access Controls;Evaluate Network Security |
| Logon Failures - Top 25 | Exam Tier II Obj A.7(Authentication),Exam Tier II Obj B.7 | Evaluate Authentication and Access Controls;Evaluate Network Security |
| Admin Access to Compliance Systems - Detail | Exam Tier I Obj 4.1;Exam Tier II Obj A.2 (Authentication); Exam Tier II Obj A.4 (Access Rights Administration) | Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls |
| Admin Access to Compliance Systems - Top 25 | Exam Tier I Obj 4.1;Exam Tier II Obj A.2 (Authentication);Exam Tier II Obj A.4 (Access Rights Administration) | Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls |
| Password Changes - Detail Password Changes - Top 25 | Exam Tier I Obj 4.1,Exam Tier II Obj A.4(Authentication) | Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls |
| Firewall Configuration Changes | Exam Tier II Obj B.10,Exam Tier II Obj M.4 | Evaluate Network Security;Evaluate Security Monitoring |
| Router Configuration Changes | Exam Tier II Obj B.10,Exam Tier II Obj M.4 | Evaluate Network Security;Evaluate Security Monitoring |
| Successful Remote Access - Detail | Exam Tier II Obj B.17 | Evaluate Network Security |
| Successful Remote Access - Top 25 | Exam Tier II Obj B.17 | Evaluate Network Security |
| Failed Remote Access - Detail | Exam Tier II Obj B.17 | Evaluate Network Security |
| Failed Remote Access - Top 25 | Exam Tier II Obj B.17 | Evaluate Network Security |
| Successful Use of Encryption | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
| Encryption Failures | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
| Accounts Created | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
| Accounts Modified | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
| Accounts Deleted | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
| Account Management | Exam Tier I Obj 4.1 | Evaluate Authentication and Authorization |
