FFIEC Icon

Centralize Documentation to Streamline Audits

Use Drata's powerful automation to meet strict regulatory requirements and help you achieve and maintain compliance.

Use automation to set your maturity level for FFIEC

Set And Monitor FFIEC Information Security Controls

Regardless of their size, financial institutions must endure both an annual independent IT audit that includes information security and an annual regulatory exam. With Drata’s platform, you can get compliant faster by reviewing your current controls and gaining visibility into additional controls you need to implement.


To maintain your compliance posture, you can leverage Drata’s continuous control monitoring capabilities, ensuring that controls function as intended. You can provide our shareable security report to auditors and examiners during the documentation request phase, giving them at-a-glance visibility into your compliance posture.

Set And Monitor FFIEC Information Security Controls Image
Create a single source of audit documentation to reduce compliance costs

Monitor And Document Compliance In A Simple, Central Platform

Stop wasting time responding to each documentation request. Consolidate your growing tech stack into a centralized platform to create a single source of truth for all compliance monitoring.


Minimize the time spent responding to auditor and examiner requests by combining all monitoring and audit trails within Drata’s easy-to-use platform. Using shared controls between frameworks, automated tests, and the central readiness dashboard, you can streamline compliance by mapping your FFIEC controls from frameworks like PCI DSS for consistency and efficiency.

Monitor And Document Compliance In A Simple, Central Platform copy@2x
Create customized controls as you mature your cybersecurity program

Create And Map Custom Controls To Automated Tests

The FFIEC Cybersecurity Assessment Tool provides guidance for financial institutions to mature their programs beyond the IT Handbook's Information Security Booklet minimum baseline requirements. You can apply existing Drata controls to meet baseline maturity or create customized controls and further document your maturity.


When you map your custom controls to our automated tests, you can continuously monitor and document your compliance efforts as you iterate your program. When adding new processes aligned to the maturity model, you can use our Jira integrations to delegate and track compliance-related tasks.

FFIEC - Create And Map Custom Controls To Automated Tests Image

What's Included With FFIEC

Complying with the textbook of financial regulations is hard enough. Everything you need for FFIEC—and more—in one platform.

Continuous Control Monitoring Icon

Continuous Monitoring

Drata displays the requirements associated with FFIEC. We stay up to date on the latest information to keep you in compliance.

Customize to Your Needs

Customization for Your Needs

Customize FFIEC to your compliance needs with features like custom controls and mapping automated tests to controls.

Control Library

Requirement Scoping Baseline

Use the Control Baseline to select the maturity level for FFIEC and automatically scope requirements that meet compliance.

Shared Controls

Shared Controls

Make immediate progress toward your FFIEC framework by implementing controls already enabled for your other frameworks.

Readiness Dashboard

One Central Dashboard

Know where you stand. Our Framework Readiness Dashboard tracks progress towards requirements and controls.

Support and Real-Time Answers Icon

Support and Live Chat

Drata’s support team consists of compliance experts and former auditors. Our experts are a click away.

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
Drata helped us to seamlessly transition into a fully integrated compliance program and was essential to our SOC 2.
Diana Cohen

Diana Cohen

Head of Legal & Compliance

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
Drata helped us to seamlessly transition into a fully integrated compliance program and was essential to our SOC 2.
Diana Cohen

Diana Cohen

Head of Legal & Compliance

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
Drata helped us to seamlessly transition into a fully integrated compliance program and was essential to our SOC 2.
Diana Cohen

Diana Cohen

Head of Legal & Compliance

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Headshot - Joshua Peskay

Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Headshot - Lola Kureno

Lola Kureno

Cyber Security Engineer

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
Drata helped us to seamlessly transition into a fully integrated compliance program and was essential to our SOC 2.
Diana Cohen

Diana Cohen

Head of Legal & Compliance

The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
Headshot - David Caughill

David Caughill

DevOps Engineer

Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
NextED-padding
Lilt logo
Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
NextED-padding
Lilt logo
Logo - Red Rover
Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
NextED-padding
Lilt logo
Logo - Red Rover
Logo - RoundTable Technology
Logo - INE
NextED-padding
Lilt logo
Logo - Red Rover

Join the thousands of companies that trust Drata

Abnormal Logo
Airbase
BambooHR Logo
BigID Logo
Clearbit Logo
Clearco Logo
Fivetran Logo
Lemonade Logo
Notion Logo
SoFi Logo
Vercel Logo
Wordpress VIP

The Latest Resources

Blog

Frameworks-Blog-Image-1200-x-628@2x-1-2048x1072

New Frameworks: CCPA, ISO 27701, & More

We've added frameworks to the Drata platform including CCPA, ISO 27701, Microsoft SSPA, NIST CSF, NIST 800-171, NIST 800-53, CMMC, and FFIEC.

Learn More

Blog

Blog-Featured-Images-23

Penetration Testing vs. Vulnerability Scanning: What’s the Difference?

Learn the differences between vulnerability scanning and penetration testing to make the best choice for your organization’s needs.

Learn More

Blog

Introducing Automated PCI DSS Compliance

Introducing Automated PCI DSS Compliance

Announcing Drata’s new framework—PCI DSS. If you accept, process, store, or transmit credit card information, PCI compliance is required.

Learn More

Frequently Asked Questions About CMMC

Yes, with Drata's custom control feature, you can create controls for each framework based on your individual scope of work.

The Federal Financial Institutions Examination Council (FFIEC) is the interagency body that determines principles, standards, and report forms used by regulatory auditors across the FRB, FDIC, NCUA, and OCC. Its Cybersecurity Assessment Tool is for financial institutions to measure their cybersecurity preparedness over time.

Since the FFIEC sets the requirements that govern regulatory audits, financial institutions can use the resources to help them set necessary baselines to pass their audits. 

The FFIEC Information Security Handbook guides regulatory examiners when they evaluate a financial institution’s overall information security risk management program. While the National Credit Union Administration (NCUA) has its own set of standards, these are based on the FFIEC IT Handbook.

In 2017, the FFIEC released the Cybersecurity Assessment Tool so that institutions could create repeatable and measurable processes to determine their cybersecurity preparedness over time.

The Cybersecurity Assessment Tool defines five levels of inherent risk so that financial institutions can standardize their risk analysis practices. 

When determining Cybersecurity Maturity as part of the Assessment, the Tool sets out five domains:

  • Domain 1: Cyber Risk Management and Oversight

  • Domain 2: Threat Intelligence and Collaboration

  • Domain 3: Cybersecurity Controls

  • Domain 4: External Dependency Management

  • Domain 5: Cyber Incident Management and Resilience

Institutions then determine their maturity within each Domain based on the following 5 maturity levels, with each new level including all the requirements of the ones previous: 

  • Baseline - Minimum, legally-required expectations mapped to the FFIEC Information Security booklet

  • Evolving - Establishment of risk-driven objectives plus additional documented procedures and policies beyond the minimum required.

  • Intermediate - Detailed, formal processes including consistent, validated controls

  • Advanced - Integrated cybersecurity practices and analytics across lines of business that use automation for the majority of risk management processes and include continuous process improvement

  • Innovative - New controls developed, new tools implemented, or new information-sharing groups created while leveraging real-time predictive analytics tied to automated responses.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.

Connect

Easily integrate your tech stack with Drata.

Configure

Pre-map auditor validated controls.

Comply

Begin automating evidence collection.

Put Compliance on Autopilot

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.