logo

Select Sidearea

Populate the sidearea with useful widgets. It’s simple to add images, categories, latest post, social media icon links, tag clouds, and more.
hello@youremail.com
+1234567890
 

FFIEC User Access Reviews for Credit Unions/Banks

Financial Institutions

FFIEC User Access Reviews for Credit Unions/Banks (Financial Institutions)

Financial Institutions such as Credit unions and banks must perform user access reviews as outlined in the Federal Financial Institutions Examination Council (FFIEC) Information Security booklet. This “Information Security” booklet is an integral part of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) and should be read in conjunction with the other booklets in the IT Handbook. This booklet provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. It also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management.

FFIEC

II.C.7(b) User Access Program

Management should develop a user access program to implement and administer physical and logical access controls to safeguard the institution’s information assets and technology. This program should include the following elements:

Principle of least privilege, which recommends minimum user profile privileges for both physical and logical access based on job necessity.

Alignment of employee job descriptions to the user access program.

Requirements for business and application owners to define user profiles.

Ongoing reviews by business line and application owners to verify appropriate access based on job roles with changes reported on a timely basis to security administration personnel.

Timely notification from human resources to security administrators to adjust user access based on job changes, including terminations.

Periodic independent reviews that ensure effective administration of user access, both physical and logical.

Reference Click here

Solution: SecurEnds Credential Entitlement Management

Automates user access and entitlement reviews.

Match accounts across applications to create an Identity database.

Identify and connect to disconnected applications including CSV file upload and map entitlements for user access reviews.

Establish ownership for mapping users, custom entitlement for custom and disconnected applications.

Set up continuous access review campaigns, notifications, escalations, and real-time status on the access certification.

Simplify Audit and Compliance reporting needed during the annual access reviews.

See what our customers are saying on

“SecurEnds was much less expensive than the other tools we evaluated on the market and had all of the functionality we were looking for. I’d recommend anyone in the market for Credential Entitlement Management take a look at SecurEnds”

Vice President
Information Security

“Their solution was easy to implement, the reviews were very straight forward and it took very little time for the managers complete their review. Once the solution was implemented and the reviews complete, all the audit findings disappeared.””

Senior Manager
Data Center Security & Compliance

See what our customers are saying on

“[With SecurEnds] we are finally able to meet our internal audit and external audit objectives for conducting Credential and Entitlement reviews.”

Steve M.
Sr. Mgr Security & Compliance

“The SecurEnds team provided us with outstanding support. Once implemented we immediately found we were overspending for some privileges and reclaimed seats that slipped through the cracks. I can’t imagine how companies much bigger than ours manage access control without a tool like this.

Mike B.
COO

“A great feature-rich, nifty application to flush orphan accounts! Love the fact it has integrations with different cloud service providers.”

Abhi S.
Vice President – CISO

Our Success Stories

Deloitte
Partner Success Story

We have partnered with Deloitte Europe Risk and Advisory Services a leading value-added reseller in information technology with a large customer base in the USA.

Customer Success Story

We worked with SITA, a world’s leading multi-billion dollar revenue company in air transport communications and information technology with 4700 employees and operations in 197 countries covering 95% of all international destinations.