Introducing Strunk’s New Cybersecurity Assessment Feature

As the digital landscape evolves, so do the tools necessary for financial institutions to assess and manage cybersecurity risks. We are excited to announce the release of Strunk’s updated cyber risk assessment feature, designed to help your organization transition away from the FFIEC’s Cybersecurity Assessment Tool (CAT), which will sunset on August 31, 2025.

The FFIEC has recommended several alternative resources, including the NIST Cybersecurity Framework (CSF), Cyber Risk Institute’s (CRI) Cyber Profile, CISA’s Cybersecurity Performance Goals (CPGs), and CIS Critical Security Controls. To address the need for modern, flexible, and regulatory-aligned frameworks, Strunk now offers two new assessment templates based on our preferred tools: NIST CSF and CRI Profile.

These templates provide a structured approach to managing and reducing cybersecurity risk. The NIST CSF offers a high-level, adaptable foundation for organizations of any size, while the CRI Profile provides enhanced detail tailored to the unique needs of financial institutions. By utilizing one of these frameworks, you can effectively evaluate your risk posture and strengthen your cybersecurity efforts.

When choosing the right assessment tool, it’s important to consider your organization’s size, complexity, priorities, and goals. The FFIEC encourages institutions to use self-assessment tools that are “commensurate with their risk” to support a robust control environment. Our new feature empowers you to explore these alternative frameworks and tools, ensuring a seamless transition and continued effective cyber risk management.

For more information about how our solution can assist you in preparing for the future of cybersecurity risk management, please contact Strunk at 800.728.3116 or info@strunkaccess.com.