Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, which places national security, the economy, and public safety at risk. To combat these cyber risks, the Federal Financial Institutions Examination Council (FFIEC) developed a risk-based Cybersecurity Framework to provide financial institutions with industry standards and best practices to help manage cybersecurity risks.
RSA Archer FFIEC-Aligned Cybersecurity Framework provides straightforward guidelines for addressing and managing cybersecurity risks. Profile owners can determine their inherent risk levels, prioritize and scope profile elements, and develop plans to achieve their desired or targeted risk and maturity levels for their organization’s cybersecurity program. Assessors can evaluate these profiles against the FFIEC Cybersecurity Assessment Maturity categories to determine the current maturity level and designate a target maturity level. Previous assessments can be archived for comparison with the current profile to measure progress. Reports and dashboards provide clear insight into the current cybersecurity state and the progress being made toward the desired cybersecurity state.
With the RSA Archer FFIEC-Aligned Cybersecurity Framework offering, financial institutions can assess and measure their cybersecurity posture, address gaps, and report on cybersecurity posture in a meaningful way that is understood by all stakeholders.
Create an Inherent Risk Profile identifying inherent risk before implementing controls
Risk-assess the operational environment to discern the likelihood of a cybersecurity event and its impact
Identify a Target Maturity Level that focuses on the assessment categories that describe the desired cybersecurity outcomes
Analyze the Current Maturity Level against the Target Maturity Level to determine gaps
Implement an Action Plan to identify which steps to take to remediate the gaps focusing on standards, guidelines, and practices that work best for the organization's needs
Offers a common language to communicate requirements and progress among stakeholders (internal, partners, contractors, suppliers)
Provides a method to understand the larger cybersecurity ecosystem
Apply the FFIEC best practices of risk management to improve cybersecurity and resiliency of critical infrastructure
This offering requires the following use cases:
RSA Archer Issues Management
RSA Archer Policy Program Management (optional)
The following applications are required and may be found in several use cases. Please see the implementation guide for more details.
Available through existing licensed use cases
Supported Platform Version
RSA Archer FFIEC-Aligned Cybersecurity Framework was developed for and validated on RSA Archer Platform release 6.5.
RSA Archer On-Demand Application (ODA) Licenses
Three (3) RSA Archer On-Demand licenses and one (1) available Questionnaire from an existing licensed use case are required for RSA Archer FFIEC-Aligned Cybersecurity Framework.
For More Information
To learn more about RSA Archer FFIEC-Aligned Cybersecurity Framework: