Understanding the ACET and Other Cybersecurity Tools

In the world of cybersecurity, staying prepared is half the battle. The National Credit Union Administration (NCUA) offers a handy tool called the Automated Cybersecurity Evaluation Toolbox (ACET) to help credit unions gauge their cybersecurity readiness. This tool aligns with the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool, making it easier for institutions of all sizes to assess and track their cybersecurity maturity over time.

What ACET Brings to the Table

The ACET tool is entirely optional and doesn’t impose any new requirements on credit unions. Instead, it serves as a resource for identifying and understanding the institution's cybersecurity posture. Regular use of the ACET can help organizations:

• Spot potential risks before they escalate into problems

• Evaluate the extent of cyber risks they face

• Assess their preparedness against possible cyber threats

• Make informed decisions about their security measures based on actual risk levels

• Use a consistent and repeatable method to gauge risk readiness over time

• Address and mitigate cybersecurity risks effectively

Additionally, the ACET Toolbox includes the Cybersecurity and Infrastructure Security Agency’s (CISA) Ransomware Readiness Assessment (RRA), offering further insights into ransomware threat preparedness.

Latest Updates and Installation Tips

The newest version of the ACET Toolbox, version 11.2.1.0, comes with enhanced security and performance features. Notably, it no longer requires IIS Express and SQL Server 2012 Express LocalDB, which are no longer supported. For those using NCUA-issued laptops, it's advised to access the NCUA's internal Company Portal.

Before installing the ACET Toolbox, ensure your system meets the following requirements:

• Pentium dual-core 2.2 GHz processor (Intel x86 compatible)

• At least 6 GB of free disk space

• 4 GB of RAM

• Microsoft Windows 10 or higher

• Microsoft .NET Core 6.0 Runtime (included in the installation)

• SQL Server 2019 Express LocalDB (included in the installation)

For detailed installation instructions, refer to the Quick Installation Guide.

Exploring Other Cybersecurity Assessment Tools

Beyond ACET, the FFIEC offers its own Cybersecurity Assessment Tool. This resource provides a structured way for institutions to evaluate their cybersecurity readiness, incorporating principles from the FFIEC IT Examination Handbook and other industry standards like the NIST Cybersecurity Framework.

The CISA Ransomware Readiness Assessment (RRA) is another valuable tool. It helps organizations assess their preparedness against ransomware threats through a tiered set of practices. This self-assessment is designed to be adaptable, catering to various levels of cybersecurity maturity. It includes an analysis dashboard that presents the results in both summary and detailed formats.

Lastly, the Cyber Resilience Review (CRR) offers a no-cost, voluntary assessment to evaluate an organization’s operational resilience and cybersecurity practices. Whether conducted as a self-assessment or facilitated by DHS cybersecurity professionals, the CRR covers a broad range of domains, providing a comprehensive view of an organization’s resilience and areas for improvement.

By utilizing these tools, organizations can better prepare for and respond to cybersecurity challenges, ensuring a robust defense against ever-evolving threats.