Compliance Reports: Federal Financial Institutions Examination Council (FFIEC)

Document created by RSA Information Design and Development on May 25, 2016Last modified by RSA Information Design and Development on Jan 22, 2019
Version 170Show Document
  • Comment0
  • View in full screen mode
 

The Federal Financial Institutions Examination Council (FFIEC) is a body of the United States government empowered to prescribe principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), Mergers & Acquisitions International Clearing (MAIC), and the Consumer Financial Protection Bureau (CFPB).

Dependencies

The FFIEC compliance reports depend on the following RSA NetWitness Rules.

           

Accounts Created

Accounts Deleted

Accounts Modified

Accounts Enabled

Admin Access to Compliance Systems Details

Admin Access to Compliance Systems Summary

Encryption Failures

Failed Escalation of Privileges Details

Failed Escalation of Privileges Summary

Failed Remote Access Details

Failed Remote Access Summary

Firewall Configuration Changes

Logon Failures Details

Logon Failures Summary

Password Changes

Password Changes Summary

Router Configuration Changes

Successful Escalation of Privileges Details

Successful Escalation of Privileges Summary

Successful Remote Access Details

Successful Remote Access Summary

User Access Revoked

Citations

The FFIEC reports have the following Citations.

                                                                                                            
Report RuleCitation NumberCitation Description
Escalation of Privileges - Detail
Escalation of Privileges - Top 25		Exam Tier I Obj 4.1, Exam Tier II Obj A.1 (Access Rights Administration)Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls
User Access RevokedExam Tier I Obj 4.1, Exam Tier II Obj A.1 (Access Rights Administration)Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls
Logon Failures - DetailExam Tier II Obj A.7(Authentication),Exam Tier II Obj B.7Evaluate Authentication and Access Controls;Evaluate Network Security
Logon Failures - Top 25Exam Tier II Obj A.7(Authentication),Exam Tier II Obj B.7Evaluate Authentication and Access Controls;Evaluate Network Security
Admin Access to Compliance Systems - DetailExam Tier I Obj 4.1;Exam Tier II Obj A.2 (Authentication); Exam Tier II Obj A.4 (Access Rights Administration)Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls
Admin Access to Compliance Systems - Top 25Exam Tier I Obj 4.1;Exam Tier II Obj A.2 (Authentication);Exam Tier II Obj A.4 (Access Rights Administration)Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls
Password Changes - Detail
Password Changes - Top 25		Exam Tier I Obj 4.1,Exam Tier II Obj A.4(Authentication)Evaluate Authentication and Authorization;Evaluate Authentication and Access Controls
Firewall Configuration ChangesExam Tier II Obj B.10,Exam Tier II Obj M.4Evaluate Network Security;Evaluate Security Monitoring
Router Configuration ChangesExam Tier II Obj B.10,Exam Tier II Obj M.4Evaluate Network Security;Evaluate Security Monitoring
Successful Remote Access - DetailExam Tier II Obj B.17Evaluate Network Security
Successful Remote Access - Top 25Exam Tier II Obj B.17Evaluate Network Security
Failed Remote Access - DetailExam Tier II Obj B.17Evaluate Network Security
Failed Remote  Access - Top 25Exam Tier II Obj B.17Evaluate Network Security
Successful Use of EncryptionExam Tier I Obj 4.1Evaluate Authentication and Authorization
Encryption FailuresExam Tier I Obj 4.1Evaluate Authentication and Authorization
Accounts CreatedExam Tier I Obj 4.1Evaluate Authentication and Authorization
Accounts ModifiedExam Tier I Obj 4.1Evaluate Authentication and Authorization
Accounts DeletedExam Tier I Obj 4.1Evaluate Authentication and Authorization
Account ManagementExam Tier I Obj 4.1Evaluate Authentication and Authorization
You are here
Table of Contents > Compliance Reports: Federal Financial Institutions Examination Council (FFIEC)

Attachments

    Outcomes