CybersecurityFramework

FSSCP

The Financial Services Sector Cybersecurity Profile

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.

Overview

Launched on October 25, 2018, the Financial Services Sector Cybersecurity Profile is a collaborative effort among financial institutions, vendors, and trade groups. It provides diagnostic assessment statements tailored to institutions' risk profiles, reducing the time required for comprehensive cybersecurity assessments while aligning with various regulatory frameworks. Regulators have welcomed its potential to enhance transparency and reduce systemic risk. The Profile is updated every two to three years by a coalition of stakeholders, ensuring alignment with new supervisory requirements and global standards like those from NIST and ISO.

Related in Cybersecurity

CybersecurityFrameworkStandard

CCM v4.1 β€” Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) β€’ v4.1

View details
CybersecurityStandard

SOC-CMM β€” SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details
CybersecurityRegulation

EU Digital Services Act β€” Regulation (EU) 2022/2065 - EU Digital Services Act

The Digital Services Act (DSA) (Regulation (EU) 2022/2065) establishes a comprehensive framework for regulating online intermediary services, platforms, and marketplaces across the European Union to create a safer and more transparent digital environment. The regulation introduces obligations for online platforms to address illegal content, improve transparency in content moderation and advertising, protect users' rights, and manage systemic risks such as disinformation and harmful content. It also imposes enhanced requirements on very large online platforms and search engines, while preserving fundamental rights, consumer protection, and innovation. Overall, the DSA aims to harmonize rules across the EU and increase accountability for digital service providers operating within the Single Market.

European Union β€’ EU

View details
CybersecurityRegulation

EU Data Act β€” Regulation (EU) 2023/2854 - EU Data Act

The EU Data Act (Regulation (EU) 2023/2854) establishes harmonized rules to make data generated by connected products and related digital services more accessible and usable across the European Union. It gives users of connected devices, such as IoT products, the right to access and share the data they generate with third parties, while requiring data holders to provide that data under fair, reasonable, and non-discriminatory conditions. The regulation aims to reduce barriers to data sharing, promote innovation and competition, enable easier switching between cloud and data-processing services, and support public-sector access to data in situations of exceptional need, while preserving data protection, privacy, intellectual property rights, and trade secret safeguards. Overall, the Data Act is designed to create a fairer and more competitive European data economy by empowering users and improving access to valuable data resources.

European Union β€’ EU

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks β€” automatically.

Book your strategy call