
Leveraging FSSCC Cybersecurity Profile in the Financial Sector


2020 is a critical year for harmonizing financial services cybersecurity regulations and unifying them under the FSSCC cybersecurity profile.

The Financial Services Sector Coordinating Council (FSSCC) cybersecurity profile was created by leading institutions, including the Bank Policy Institute (BPI), to fulfill the need for a more efficient, tailored, and easily communicated framework to assess against, align to, and leverage to improve cybersecurity resilience. The profile is designed for all financial institutions and financial services organizations, from banking, asset management, broker-dealers, and insurance to market utilities.

On October 25, 2018, the Financial Services Sector Coordinating Council (FSSCC) published the cybersecurity profile. The FSSCC publicized the cybersecurity profile across the industry, as it was created in partnership and collaboration between the American Bankers Association, Bank Policy Institute, the Institute of International Bankers, and other financial industry leaders.

The sector profile’s aim is to ease the regulatory strain that financial institutions are under while providing a more sector-specific standard to benchmark their organizations against. By streamlining the requirements institutions assess themselves against and expediting the assessment process, the financial services cybersecurity profile offers a "73% reduction for community institution assessment questions" when compared to the FFIEC CAT, according to FSSCC's published Benefits to Financial Institutions.

What Are Future Plans for the FSSCC Cybersecurity Profile?

The FSSCC’s survey results showed that Chief Information Security Officers from financial institutions indicated that nearly 40% of their time, and their teams’ time, was spent reconciling various cybersecurity and regulatory frameworks.

The Financial Services Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other organizations and thought leaders who helped develop the profile have noted that consistent iterations and improvements to the profile are essential for financial services sector cybersecurity to stay ahead. The group plans to update the FSSCC cybersecurity profile every 2-3 years. The FSSCC and other stakeholders will therefore continue to shape the cybersecurity profile over several cycles, so financial institutions can benchmark themselves in the most effective way as the cybersecurity risk landscape changes. Other standards bodies, such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO), already follow this practice.

In the financial services industry, CISOs are already heavily burdened by regulatory requirements, made even more difficult to manage with the cybersecurity talent shortage. The FSSCC cybersecurity profile will give CISOs enterprise-wide visibility across their business units and LOBs, departments, and vendor risk management initiatives, and will allow them to benchmark their programs both internally and externally. Cybersecurity risk management will be more accessible and manageable using the sector profile as opposed to tools such as the FFIEC cybersecurity assessment tool (CAT), according to the FSSCC stakeholders and website.

Mappings from the FSSCC Cybersecurity Profile to Regulatory Requirements

Due to increased demand for industry mappings, the FSSCC cybersecurity profile has already been mapped to various regulatory compliance frameworks and standards, including ISO 27001 and CPMI-IOSCO’s “Guidance on Cyber Resilience for Financial Market Structures”. The FSSCC plans to release mappings on a rolling basis.

According to the FSSCC, “Many Financial Services Cyber-Related Proposals Describe Similar Concepts to the NIST Cybersecurity Framework (but with Different Terminology)”. Mappings between other financial sector compliance standards and the financial sector profile will help bolster cyber risk management and accelerate the potential for continuous compliance and improvement across the financial services industry. Examples of similar mappings between regulations, NIST subcategories, NIST categories, and NIST functions are below.

[Figure: FSSCC Cybersecurity Profile]

