Welcome » What's New
This section is where all changes made to the
InfoBase are listed. Each change entry includes the
effective date and a brief description.
Below are the most recent updates to the
InfoBase. For a complete listing of all changes,
see the Change History Log.
Apr 2, 2014
Joint Statement: Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources
Added FFIEC Joint Statement, Distributed Denial-of-Service (DDoS)
Cyber-Attacks, Risk Mitigation, and Additional Resources.
This statement identifies the risk associated with Distributed
Denial of Service (DDoS) attacks and provides mitigation
Joint Statement: Cyber-attacks on Financial Institutions’ ATM and Card Authorization Systems
Added FFIEC Joint Statement, Cyber-attacks on Financial
Institutions' ATM and Card Authorization Systems. This
statement identifies the risk associated with current attack
vectors against ATMs and Card Authorization Systems and provides
Oct 7, 2013
Added FFIEC Joint Statement, End of Microsoft Support for Windows
XP Operating System. This statement identifies the risk
associated with the continuing use of the XP Operating System.
Mar 22, 2013
Information Technology Examination Handbook InfoBase Enhancements
The Federal Financial Institutions Examination Council (FFIEC)
member agencies today announced the addition of a new feature to
the Information Technology Examination Handbook InfoBase. This
feature provides bankers, agency personnel, and other interested
parties with the ability to register and receive notifications of
additions, changes, and deletions to the InfoBase. Users may elect
to receive messages by either email notification or a Really Simple
Syndication (RSS) feed through links on the Welcome page of the
online InfoBase at: ithandbook.ffiec.gov
The press release is at: http://www.ffiec.gov/press/pr032213.htm
Oct 31, 2012
Supervision of Technology Service Providers (TSP) booklet
The booklet replaces the March 2003 version and
includes the following revisions:
Reference Materials - Federal Regulatory Agencies' Administrative Guidelines: Implementation of Interagency Programs for the Supervision of Technology Service Providers
The Guidelines describe the process the FRS, FDIC,
and OCC (agencies) follow to implement the interagency supervisory
programs and include the reporting templates examiners use
throughout the supervisory cycle. The primary audience is the
agencies' management and field examiners.
Jul 10, 2012
Added the FFIEC Public Cloud Computing
Statement. The statement maps cloud computing risks to
the various FFIEC IT Handbook booklets.
May 7, 2012
Audit, BCP, E-Banking, Information Security, Operations, Outsourcing, and Retail Payments booklets.
Revised multiple booklets to address the transition
from SAS-70 to the SSAE-16
attestation review process and other third-party review
Apr 27, 2012
Information Security booklet
Added the FFIEC Supplement to the Authentication in
an Internet Banking Environment guidance for all agencies in
the Resource section, Appendix C.
Apr 9, 2012
Added Appendix D, Managed Security Service
Providers (MSSP). This appendix,
including examination procedures, addresses the unique risks
associated with outsourcing IT security functions.
Apr 2, 2012
Added examination procedures to address the
risks associated with cloud computing.