Dear Board of Directors:
The purpose of this letter is to provide NCUA’s IT Security Compliance Guide for Credit Unions.
The guide offers information to assist credit unions in complying with the NCUA Rules and Regulations, Part 748, Appendix A; Guidelines for Safeguarding Member Information, and Appendix B; Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice. Each section of the guide relates to specific parts of Appendixes A and B of Part 748 of the NCUA Rules and Regulations. Section III provides additional guidance on the risk-assessment process necessary to identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems.
The guide’s appendix is a list of resources intended to assist credit unions in complying with the NCUA Rules and Regulations, Part 748, Appendixes A and B. The organizations in the Appendix provide information on computer security with a focus on risk assessment methodologies and the design and implementation of computer security programs. The resource list is for informational purposes only and does not imply a recommendation or endorsement by the National Credit Union Administration.
If you have any questions or concerns, please contact your NCUA Regional Office or State Supervisory Authority.
JoAnn M. Johnson