Home » Are you ready to Attest to the 12/31/21 Federal Reserve Bank’s Security Standard?

Publication date: September 20, 2021

Are you ready to Attest to the 12/31/21 Federal Reserve Bank’s Security Standard?

Annual self-certification for organization to meet the Federal Reserve Bank’s security Standards.

Share this content

Written by Angela Polania

Angela Polania, CPA, CISM, CISA, CRISC, HITRUST, CMMC RP. Angela is the Managing Principal at Elevate and board member, and treasurer at the CIO Council of South Florida.

In this article, we discuss the New FedLine Standard.

Starting December 31st, 2021, all institutions that use FedLine Advantage or FedLine Web are required to annually self-certify that their organization meets the Federal Reserve Bank’s security Standards.  Depending on the environment and tools used, institutions may have to certify to over 50 controls.  As with most modern security frameworks, the self-assessment is risk-based.  However, at the discretion of the Federal Reserve Bank, independent validation by third parties or internal audit functions may be required.  

The requirements for the assurance program are outlined in the Federal Reserve Operating Circular No. 5.  The program is focused on reducing the risk of fraudulent payments being sent through the systems.  The scope of the program could extend not only to institutions but to potential service providers as well.  

The Federal Reserve Bank has followed in the footsteps of the SWIFT (Society for Worldwide Interbank Financial Telecommunication) CSCF and has announced the development and implementation of a Security & Resiliency Assurance Program (“Assurance Program”).

The assurance program is a collection of controls that stem from both the FedLine Advantage Security and Control Procedures and the FedLine Web Security and Control Procedures. Institutions can access these documents via the EUAC Center in FedLine Home.

The self-assessment consists of the following steps:

  • Acknowledge the institution has conducted the self-assessment was completed within the applicable timeframe
  • If applicable, if the self-assessment was completed internally or by a third party
  • Acceptance of the institution’s responsibility for their compliance requirements 
  • A statement of remediation plans that are in place (if any) as a result of the assessment

Click here for an overview of how to self-certify to the FedLine Solutions Security and Resiliency Assurance Program

Need help in determining your institution’s scope and assessment of compliance with the Assurance Program? 

We Can Help! 

Our teams of IT Security and IT Compliance advisors can work with you to assess your internal environment, determine the scope of controls applicable to your institution, based on your risks, and perform a comprehensive review and validation of your controls’ in accordance with the Fedline SRAP guidelines.  Call us or visit our website today for more information to get your organization started on the way to compliance with the Federal Reserve Banks. 

Related posts

Contact Elevate today to learn more about Elevate Insights | IT Compliance and Privacy

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm