NCUA’s Automated Cybersecurity Examination Tool (ACET) Will Remain Available Following the Sunset of the FFIEC’s Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council announced today the sunsetting of its Cybersecurity Assessment Tool on August 31, 2025. While this decision impacts the broader financial services industry, NCUA’s Automated Cybersecurity Examination Tool (ACET) will continue to be supported and remain available for use by credit unions. The ACET is available for download at no charge on the NCUA’s website.

As geopolitical events evolve, credit unions of all sizes must understand and operate under the assumption that they remain targets of not just cybercriminals, but foreign nations that intend to cause harm to critical infrastructure in the United States—of which credit unions are a vital part. As such, the NCUA encourages credit unions to use the ACET as a tool for assessing cybersecurity preparedness levels. The ACET has been tailored specifically for credit unions and includes a user-friendly application interface, enhanced reporting features, and supplementary information. The ACET also includes added information and reporting capabilities not found in the FFIEC’s Cybersecurity Assessment Tool.

Please visit the NCUA’s Cybersecurity Resource Center for additional tools and resources.

The NCUA will ensure the ACET remains relevant and current with the evolving cybersecurity landscape, and is planning updates to the ACET content to align with new standards and frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Performance Goals. These updates will ensure that the ACET continues to meet credit unions' needs in assessing their cybersecurity stance.

The NCUA is committed to supporting all credit unions’ cybersecurity efforts—including continuing to seek third-party vendor authority from Congress to reduce the due diligence burden on credit unions that may not have the necessary experience or resources to ensure their vendor is in full compliance with applicable laws, as well as cybersecurity best practices. The NCUA continues to encourage credit unions to use the ACET as a critical component of their cybersecurity assessment and risk management practices.

For questions or concerns regarding the ACET or cybersecurity in general, please contact your NCUA examiner.

Previous
Previous

Credit Unions Announce New Hires and boost.ai Announces Hiring of IT Transformation Expert

Next
Next

PenFed Credit Union Successfully Completes Second Auto Loan Securitization