CimTrak Helps Financial Institutions Meet FFIEC Compliance Objectives

FFIEC Information Security and GLBA Integrity

With the passage of the Gramm-Leach-Bliley Act (GLBA) in 1999, financial institutions were required to implement policies that protect critical electronic customer information from being accessed, disclosed, or used in an unauthorized manner.

With security management and data breaches making the news on a daily basis, IT security is now more important than ever. Security operations and a detection system have become top of mind for many organizations.

The GLBA “Safeguards Rule” requires financial institutions to achieve three objectives related to data security.

How CimTrak Helps

File integrity monitoring (FIM) helps meet various requirements from FFIEC Examination Handbooks as well as other critical system guidance bulletins. These include:

  • Assessing the security and integrity of system and application software including software under development
  • Firewall and routing configuration controls
  • Host security to detect and alert to all unauthorized and authorized changes
  • Support security incident detection via log management and strong audit trails
  • Securing customers’ financial data in the cloud
  • Monitoring of custom software applications specific to financial institutions such as banks and credit unions.

 

FFIEC and InfoSec Requirements

The Federal Financial Institutions Examination Council, more commonly known as the FFIEC, is composed of representatives from several financial agencies and organizations, including the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve System. The FFIEC publishes guidance on how banks and other financial institutions can secure their IT assets and comply with the Safeguards Rule. Of particular note is the IT Examination Information Security Handbook published in 2006. It discussed key IT security objectives, including how to protect information from a data breach as well as ensuring data integrity.

The Safeguards Rule Objectives

  1. Insure the security and confidentiality of customer information
  2. Protect against any anticipated threats or hazards to the security or integrity of such information; and
  3. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

Learn more about meeting FFIEC requirements with our white paper and solution brief.

Find out how to meet FFIEC IT security requirements with the free FFIEC solution brief.

We Continue to Innovate

CimTrak focuses on developing new functionalities and cutting-edge innovations. See for yourself why CimTrak is the best alternative to Tripwire® software.