Appendix C: References

 

Sources


Laws

| Resource Title | Type | Date |
|---|---|---|
| 12 USC 1464(d): Home Owners' Loan Act | Law | N/A |
| 12 USC 1867(c): Bank Service Company Act | Law | N/A |
| 12 USC 1882: Bank Protection Act | Law | N/A |
| 15 USC 6801 and 6805(b): Gramm-Leach-Bliley Act | Law | N/A |
| 18 USC 1030: Fraud and Related Activity in Connection with Computers | Law | N/A |

Federal Reserve Board

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 208, Appendix D-2: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A |
| 12 CFR 211.5 and 211.24 (i), Protection of Customer and Consumer Information | Regulation | N/A |
| 12 CFR Part 225, Appendix F: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A |
| SR Letter 13-19, Guidance on Managing Outsourcing Risk | Guidance | December 5, 2013 |
| SR Letter 11-9, Interagency Supplement to Authentication in an Internet Banking Environment | Guidance | June 29, 2011 |
| SR Letter 05-23, Unauthorized Access to Customer Information | Guidance | December 1, 2005 |
| SR Letter 05-19, Interagency Guidance on Authentication in an Internet Banking Environment | Guidance | October 13, 2005 |
| SR Letter 01-15, Standards for Safeguarding Customer Information | Guidance | May 31, 2001 |
| SR-Letter 00-17, Guidance on the Risk Management of Outsourced Technology Services | Guidance | November 30, 2000 |
| SR Letter 99-8, Uniform Rating System for Information Technology | Guidance | March 31, 1999 |
| SR Letter 98-9, Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations | Guidance | April 20, 1998 |

Federal Deposit Insurance Corporation

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 364, Appendix A: Interagency Guidelines Establishing Standards for Safety and Soundness | Regulation | N/A |
| 12 CFR Part 364, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A |
| FIL-13-2015, FFIEC Joint Statements on Destructive Malware and Compromised Credentials | Guidance | March 30, 2015 |
| FIL-21-2014, Webinar on Senior Management's Role in Cybersecurity | Guidance | April 25, 2014 |
| FIL-11-2014, Distributed Denial of Service Attacks | Guidance | April 2, 2014 |
| FIL-13-2014, Technology Outsourcing Information Tools for Community Bankers | Guidance | April 7, 2014 |
| FIL-46-2012, Supervision of Technology Service Providers and Outsourcing Technology Services | Guidance | November 6, 2012 |
| FIL-44-2008, Third Party Risk: Guidance for Managing Third Party Risk | Guidance | June 6, 2008 |
| FIL-6-2008, Interagency Statement on Pandemic Planning: Guidance for Minimizing a Pandemic's Potential Adverse Effect | Guidance | February 6, 2008 |
| FIL-52-2006, Foreign-Based Third Party Service Providers: Guidance on Managing Risks in These Outsourcing Relationships | Guidance | June 21, 2006 |
| FIL-25-2006, Influenza Pandemic: Interagency Advisory | Guidance | March 15, 2006 |
| FIL-121-2004, Guidance on Developing an Effective Computer Software Evaluation Program to Assure Quality and Regulatory Compliance | Guidance | November 16, 2004 |
| FIL-103-2004, Interagency Information Brochure on Internet Phishing Scams | Guidance | Sept 13, 2004 |
| FIL-43-2003: Computer Software Patch Management | Guidance | May 29, 2003 |
| FIL-50-2001: Bank Technology Bulletin on Outsourcing | Guidance | June 4, 2001 |
| FIL-49-99: Required Notification for Compliance with the Bank Service Company Act | Guidance | June 3, 1999 |

National Credit Union Administration

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 721: Federal Credit Union Incidental Powers Activities | Regulation | N/A |
| 12 CFR Part 748: Security Program, Report of Crime and Catastrophic Act, Bank Secrecy Act Compliance, and Appendix A - Guidelines for Safeguarding Member Information | Regulation | N/A |
| 12 CFR Part 741: Requirements for Insurance | Regulation | N/A |
| 12 CFR Part 740: Advertising | Regulation | N/A |
| NCUA Letter to Credit Unions 02-CU-17: E-Commerce Guide for Credit Unions | Guidance | December 2002 |
| NCUA Letter to Credit Unions 01-CU-20: Due Diligence Over Third-Party Service Providers | Guidance | November 2001 |
| NCUA Letter to Credit Unions 00-CU-11: Risk Management of Outsourced Technology Services | Guidance | December 2000 |

Office of the Comptroller of the Currency

| Resource Title | Type | Date |
|---|---|---|
| 12 CFR Part 30, Appendix A: Interagency Guidelines Establishing Standards for Safety and Soundness | Regulation | N/A |
| 12 CFR Part 30, Appendix B: Interagency Guidelines Establishing Standards for Safeguarding Customer Information | Regulation | N/A |
| OCC Bulletin 2015-20, Cybersecurity: Destructive Malware Joint Statement | Guidance | March 30, 2015 |
| OCC Bulletin 2015-19, Cybersecurity: Cyber Attacks Compromising Credentials Joint Statement | Guidance | March 30, 2015 |
| OCC Bulletin 2015-9, FFIEC Information Technology Examination Handbook: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet | Guidance | February 6, 2015 |
| OCC Bulletin 2014-45, Heightened Standards for Large Banks; Integration of 12 CFR 30 and 12 CFR 170: Final Rules and Guidelines | Guidance | September 25, 2014 |
| OCC Bulletin 2014-53, Cybersecurity: Cybersecurity Assessment General Observations and Statement | Guidance | November 3, 2014 |
| OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance | Guidance | October 30, 2013 |
| OCC Bulletin 2006-26, Disaster Planning: Hurricane Katrina-Lessons Learned | Guidance | June 15, 2006 |
| OCC Bulletin 2006-12, Influenza Pandemic: Interagency Advisory | Guidance | March 15, 2006 |
| OCC Bulletin 2004-47, FFIEC Guidance: Risk Management for the Use of Free and Open Source Software | Guidance | October 27, 2004 |
| OCC Bulletin 2003-14, Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System | Guidance | April 8, 2003 |
| OCC Bulletin 1998-3, Technology Risk Management: Guidance for Bankers and Examiners | Guidance | February 4, 1998 |

Other References

| Resource Title | Type | Date |
|---|---|---|
| FDIC FIL-28-2015, Cybersecurity Assessment Tool | | July 2, 2015 |
| SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors | | July 2, 2015 |
| OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool | | June 30, 2015 |
| Basel Committee on Banking Supervision, Sound Practices for the Management and Supervision of Operational Risk | | February 2003 |
| ISACA Control Objectives for Enterprise IT Governance (CoBIT) | | |


 

 
