DEFENSESTORM BLOG
Tuesday, August 23rd, 2022
Within our DefenseStorm Governance Program, our clients can systematically collect evidence from across the platform to document adherence to regulatory frameworks and self-assessments.
DefenseStorm’s platform is built for banking. As such, we are committed to keeping pace with changing industry best practices and regulatory expectations that are uniquely relevant to financial institutions. Within the GRID Active Governance Program, clients can systematically collect evidence from across the platform to document adherence to regulatory frameworks and self-assessments. Using self-assessments and frameworks can help guide program design and help gauge your program’s maturity. As standards and expectations change, we will continue to update our library so that our clients maintain a stance of readiness.
DefenseStorm has added four new regulatory frameworks to our Governance Program product (formerly Active Compliance) within the GRID Active platform: the three tiers of the NCUA’s new Information Security Examination (ISE) procedures, and the Cybersecurity and Infrastructure Security Agency’s Ransomware Readiness Assessment (CISA RRA).
In late January 2023, the NCUA announced they would begin using their new Information Security Examination (ISE) procedures in the coming year. The NCUA believes these new procedures will better enable examiners to tailor the examination to the asset size and complexity of the financial institution (FI), standardize the examination of information security and cybersecurity programs, and better identify control deficiencies and trends at the industry level. The ISE has three tiers.
In the GRID Active Governance Program, a CU will find each ISE tier as a separate framework. The NCUA released the Core+ tier together with the Basic and Intermediate tiers of CISA’s Ransomware Readiness Assessment, so those two RRA tiers can also be accessed as part of the Core+ framework within the Governance Program.
The Cybersecurity & Infrastructure Security Agency (CISA)’s Ransomware Readiness Assessment (RRA) allows institutions to better assess how well they are equipped to defend against and recover from a ransomware incident. The model organizes ransomware readiness into three tiers: Basic, Intermediate, and Advanced. The practices are intended to be implemented progressively, starting at Basic and working towards Advanced.
A bank or other financial institution will be able to access all three tiers of CISA’s RRA – basic, intermediate, and advanced – in the Governance Program as a standalone framework.
All Frameworks in the GRID Active platform are mapped to the Governance Program Task Schedule Library. By leveraging the library to build out Task Schedules, our clients benefit from the pre-built mappings that enable systematic evidence collection against our entire library of Frameworks. Check our libraries out today to start collecting evidence against the ISE, CISA RRA, NIST, CIS Controls, and more.