
Shared Assessments Program Tool Alignment

The Shared Assessments tools refer to the following industry standards, regulations and guidance:

U.S. Domestic Standards:

  • AICPA Incident Response Procedures, 2004
  • FFIEC Information Technology Examination Handbook – Appendix J, 2015
  • FFIEC Cybersecurity Assessment Tool (CAT), May 2017
  • FFIEC IT, IS & Outsourcing Examination Handouts, Nov 2015
  • HIPAA Final Rule Modification, 2013
  • NIST Cybersecurity Framework (CSF) v1.1, April 2018
  • NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, January 2015
  • NIST Special Publication 800-61, Revision 2, Computer Security Incident Handling Guide, August 2012
  • NIST Special Publication 800-184, Guidance for Cybersecurity Event Recovery, 2016
  • NY State Cybersecurity Regulation (23 NYCRR 500), 2017
  • OCC Bulletin 2013-29 Guidance on Third Party Relationships, 2013
  • US CERT Federal Incident Notification Guidelines, October 2014
  • US Cyber Consequences Unit (CCU) Cybersecurity Matrix Tool, 2009
  • US Food and Drug Administration (FDA) Title 21 of the Code of Federal Regulations (CFR) Part 11 (Electronic Records) Section 11.1(a), April 2016
  • US Department of Treasury, OCC Bulletin 2013-29, 2013

International Industry Standards:

  • Asia-Pacific Economic Cooperation (APEC), February 2014
  • Association of Banks in Singapore Outsourced Service Provider Standardized Guidelines, June 2015
  • Australian Prudential Regulatory Authority (APRA), May 2013
  • Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ) V3.1, 2014
  • EU General Data Protection Regulation (GDPR) Compliance, May 2018
  • Hong Kong Monetary Authority (HKMA), 2001
  • International Standards Organization (ISO) 27001/27002, 2013
  • Monetary Authority of Singapore (MAS), 2013
  • Payment Card Industry (PCI) PCI DSS v.3.2.1, February 2018
  • UK Financial Conduct Authority (FCA) Regulation SYSC 8.1 Outsourcing, May 2016
  • UK Guidance, CPNI SICS Managing Third Party Risk, May 2015
  • UK Cyber Essentials Scheme, January 2015

For more information about the Shared Assessments Program Tools, please email info@sharedassessments.org
