NCUA’s Automated Cybersecurity Examination Tool (ACET) will remain available following the sunset of the FFIEC’s Cybersecurity Assessment Tool
ALEXANDRIA, VA (August 30, 2024) — The Federal Financial Institutions Examination Council announced today the sunsetting of its Cybersecurity Assessment Tool on August 31, 2025. While this decision impacts the broader financial services industry, NCUA’s Automated Cybersecurity Examination Tool (ACET) will continue to be supported and remain available for use by credit unions. The ACET is available for download at no charge on the NCUA’s website.
As geopolitical events evolve, credit unions of all sizes must understand and operate under the assumption that they remain targets of not just cybercriminals, but foreign nations that intend to cause harm to critical infrastructure in the United States—of which credit unions are a vital part. As such, the NCUA encourages credit unions to use the ACET as a tool for assessing cybersecurity preparedness levels. The ACET has been tailored specifically for credit unions and includes a user-friendly application interface, enhanced reporting features, and supplementary information. The ACET also includes added information and reporting capabilities not found in the FFIEC’s Cybersecurity Assessment Tool.
Please visit the NCUA’s Cybersecurity Resource Center for additional tools and resources.
The NCUA will ensure the ACET remains relevant and current with the evolving cybersecurity landscape, and is planning updates to the ACET content to align with new standards and frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals. These updates will ensure that the ACET continues to meet credit unions’ needs in assessing their cybersecurity stance.
The NCUA is committed to supporting all credit unions’ cybersecurity efforts—including continuing to seek third-party vendor authority from Congress to reduce the due diligence burden on credit unions that may not have the necessary experience or resources to ensure their vendor is in full compliance with applicable laws, as well as cybersecurity best practices. The NCUA continues to encourage credit unions to use the ACET as a critical component of their cybersecurity assessment and risk management practices.
For questions or concerns regarding the ACET or cybersecurity in general, please contact your NCUA examiner.
About National Credit Union Administration (NCUA)
The NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, the NCUA operates and manages the National Credit Union Share Insurance Fund, insuring the deposits of more than 135 million account holders in all federal credit unions and the overwhelming majority of state-chartered credit unions. The NCUA also protects consumers and educates the public on consumer protection and financial literacy issues.
