Cybersecurity Resources

Cybersecurity and resilience are serious economic concerns rapidly spreading throughout the credit union industry as the risk of data breach and fraud continues to expand.  As an engaged and committed CUSO, CU*Answers has the professional resources available to learn about cybersecurity requirements and help credit unions design and build the infrastructure needed to continually monitor and enhance the security of their systems and to protect member information.

On this page you can:

  1. Have your Board review the basics of cybersecurity through our Cybersecurity Literacy series.
  2. Review CU*Answers’ policies or use our templates to create your own.
  3. Review CU*Answers’ responses to the FFIEC Risk Assessment and download your own assessment template.
  4. Review and download the FFIEC and NCUA’s cybersecurity resources.
  5. Contact our Disaster Recovery, AdvantageCIO, and AuditLink professionals if you need further assistance with your cybersecurity program.

Cybersecurity Literacy for Credit Union Directors

In the tradition of our Financial Literacy for Board Directors, CU*Answers has produced a video to help guide your board of directors on the basics and terminology of cybersecurity.  Remember that the FFIEC and examining bodies are expecting “the need for engagement by the board of directors and senior management, including understanding the institution’s cybersecurity inherent risk.”  This video and materials are free to not only credit unions in the CU*Answers network, but to any financial institution in the country that wants to take advantage of this opportunity.

Cybersecurity by CU*Answers

Cybersecurity Resources

Policies and Manuals

Policies and Templates.  CU*Answers has several templates you can use to help craft your own cybersecurity program.

Don’t forget to visit PolicySwap for more policies from your peers, as well as letting our network know what happened in your latest Cybersecurity exam by completing our ExamShare questionnaire.


Cybersecurity Fundamentals

FFIEC Risk Assessments

The FFIEC Risk Assessment and Maturity Model Template was originally developed by Tony DiMichele on his website.

Note:  CU*Answers does not recommend using the FFIEC Maturity Models as they are not likely to be applicable to the credit union industry.  For additional information, as well as arguments you can use for your examiners, please see the following document:

CU*Answers Key Audit Results

If you need audit reports from CU*Answers, you can download them from this link:

FFIEC, NCUA and CU*Answers Assessment Tools

FFIEC Cybersecurity Assessment Tool. This link will take you to the FFIEC page that describes the new FFIEC Cybersecurity Tool and offers guidance on how to complete the assessments.  Clicking this link will take you to the FFIEC website.

NCUA Cybersecurity Resources.  This link will take you to the NCUA Cybersecurity Resource Page and guidance.  They have a link to their AIRES IT Examination Questionnaire which provides information on the types of questions you can expect at your next examination.  Clicking this link will take you to the NCUA website.

Online Banking Risk Assessment.  This link will take you to the CU*Answers page that has all of your key information for assessing risk to Online Banking and configuring PIB.  CU*Answers strongly recommends turning on PIB if your credit union has not already done so!  CU*Answers can help with PIB if you need it.

Online Banking Risk Assessment Center

Disaster Recovery and Business Resumption

Cyber Resiliency is part of financial institution requirements.  If you have concerns about your own ability to recover from a disaster or need information on CU*Answers resumption testing, these links will help you get started.

1 (contains PDF reports on the latest CU*Answers Disaster Recovery Tests)


See what Business Continuity has to offer!

Business Continuity products are now available to order in the store.

Shop Business Continuity


Need help with technology solutions at your credit union?  AdvantageCIO is our answer to all your technology management needs, including Cybersecurity assessments.  Contact us for help today!


Need help with compliance or configuring security on CU*BASE?  Contact AuditLink for a consultation.  AuditLink can assist not just with CU*BASE security questions, but also with OFAC/BSA and cost of compliance questions.


Online training for your staff is available through our partnership with CU Training Inc.  If you haven’t already, check out this opportunity to help you staff stay in the know on key cybersecurity concepts.

Cybersecurity Classes in the TLC


February 18, 2022