Information Security Checklist
FFIEC IT Examination Handbook - Information Security Booklet
Overall Progress: 75% (12 of 16 controls)
Compliant: 12 checked controls
Gaps: 4 unchecked controls
Domains: 4 control domains
Control Domains
Information Security Governance
Board oversight, policies, and strategic security program management
Examiner Intent:
Ensure board and senior management establish appropriate security governance, including clear roles, responsibilities, and accountability structures
75% (3 / 4)
Risk Assessment & Management
Systematic identification, analysis, and treatment of information security risks
Examiner Intent:
Verify institution conducts comprehensive risk assessments that drive security controls and align with business priorities
75% (3 / 4)
Access Control & Identity Management
User authentication, authorization, privileged access, and access reviews
Examiner Intent:
Validate that access to systems and data is appropriately restricted based on business need and that privileged access is tightly controlled
75% (3 / 4)
Security Operations & Monitoring
Security monitoring, incident response, vulnerability management, and threat detection
Examiner Intent:
Confirm institution has effective security monitoring and incident response capabilities to detect and respond to security events
75% (3 / 4)