Small banks and credit unions can easily meet some of the NCUA (National Credit Union Administration) cybersecurity requirements for log monitoring, detection, response and mitigation with the help of Blumira’s platform.

For credit unions to get started with cybersecurity compliance, they should first understand a few key terms.

What is the NCUA?

The NCUA is a government-backed insurer of credit unions, created to regulate and supervise federal credit unions. The NCUA helps protect the credit union system by identifying, monitoring and reducing risks to the National Credit Union Share Insurance Fund. Part 748 of the Code of Federal Regulations outlines a number of items that each federally insured credit union should do as part of its security program.

Some of those include ensuring the security and confidentiality of member records; protecting against unauthorized access to or use of records that could result in harm; responding to these incidents; preventing the destruction of vital records and more – see the full list on NCUA’s Cybersecurity Regulations and Guidance.

What is the FFIEC?

The NCUA aligns closely with the FFIEC (Federal Financial Institutions Examination Council), which is a government body that aims to provide uniformity for supervising financial institutions. The FFIEC is composed of five banking regulators, one of which is the NCUA. 

Understanding NCUA’s Cybersecurity Assessment Toolbox

The NCUA’s ACET (Automated Cybersecurity Evaluation Toolbox) application enables credit unions to conduct a maturity assessment aligned with the FFIEC’s Cybersecurity Assessment Tool. This can help financial institutions determine and measure their own cybersecurity preparedness over time, according to NCUA. 

Below is an image of the FFIEC’s five domains they use to assess an organization’s preparedness.

The FFIEC’s Cybersecurity Assessment Tool in the form of a PDF may be easier to use and doesn’t require downloading or installation. A few key components of the domains above include:

Domain 3: Cybersecurity Controls – Event Detection

  • As a baseline, organizations should establish a normal network activity baseline, with alerting in place to notify them of potential attacks
  • Processes should be in place to monitor for unauthorized users, devices, connections and software; roles and responsibilities for monitoring systems should be assigned
  • The physical environment is also monitored for potential unauthorized access

Domain 5: Cyber Incident Management and Resilience – Detection, Response and Mitigation

  • As a baseline, organizations should set alert parameters to detect incidents requiring mitigation
  • System performance reports should have information that can be used as a risk indicator to detect incidents
  • Tools and processes should be in place to detect, alert and trigger an incident response program

Log Management For IT Operations and Security

One of the NCUA’s recommendations is to use a SIEM (security information and event management) system to provide a central logging repository of all network and host activities to enable timely and effective log analysis, as “log files are critical to the successful investigation and prosecution of security incidents” according to the FFIEC’s IT Examination Handbook on Information Security (PDF).

A more up-to-date FFIEC booklet named “Architecture, Infrastructure, and Operations” focuses on business structure, IT infrastructure and service delivery for customers. Its guideline V1.B.7 for Log Management under V1.B IT Operational Processes can be summarized as:

  • Logs are records of events occurring within an organization’s systems and networks – examples include:
    • Occurrence (successful backups, patch installation, system events)
    • Anomaly (failed backups or login attempts and suspicious activity)
    • Usage (capacity)
    • Activity (authentication success or failure, blocked traffic)
  • Organizations should have a process to use logs to identify, track, analyze and resolve problems occurring during daily operations.
  • Analyzing logs allows organizations to troubleshoot problems, investigate malicious activity, understand their baseline activities, and help inform future improvements.

Challenges With Log and SIEM Management

However, managing and getting value out of a typical SIEM is no small task and often out of reach of smaller banks and credit unions with limited resources or security expertise and personnel. The FFIEC outlines some of the log management challenges, including:

  • Balancing the amount of data collected, available storage and capacity, ability to analyze data, and capability to respond to issues
  • The vast amount of data collected can make it difficult to identify anomalies
  • Organizations need to identify false positives and adjust logging parameters to minimize future false positives for log reviews

Getting all of these components right while tuning a typical SIEM for noisy false positives can require experienced security analysts. It can also take months to get fully operational and ongoing maintenance. Small banks and credit unions may turn to managed service providers to help.

NCUA Statement for Credit Unions Using MSPs

Managed service providers (MSPs) may be popular choices for smaller banks and credit unions to leverage to manage their IT and security functions. Not only are credit unions responsible for meeting all required regulations, but they must ensure the MSPs they work with meet the regulations as well, as outlined in the NCUA’s statement about working with service providers:

Credit union officials are responsible for planning, directing, and controlling the credit union’s affairs. To fulfill these duties, the officials should require a due diligence review prior to entering into any arrangement with a third party.  Each credit union should:

  • Exercise appropriate due diligence in selecting its service providers;
  • Require its service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines; and
  • Where indicated by the credit union’s risk assessment, monitor its service providers to confirm that they have satisfied their obligations

If you use an MSP and need an affordable solution that also satisfies these NCUA requirements, introduce us via email using [email protected] or have your MSP get started at blumira.com/msp

How Blumira Can Help

The FFIEC states “because logs can be large and difficult to analyze by humans, management should consider using tools to automate log analysis and extract important events or patterns. Automated tools can help identify anomalies and automatically alert management to potential issues or events.”

Blumira is made for smaller IT teams with limited security resources. By collecting, centralizing, and analyzing logs, Blumira helps smaller banks and credit unions with NCUA and FFIEC cybersecurity regulations, while providing guidance and support for threat response:

  • An easy-to-setup, centralized log monitoring solution delivered through a cloud SIEM
  • Automated detection rules rolled out immediately at deployment, tuned for false positives
  • Wide integrations with documentation to support hybrid cloud and on-prem environments
  • Instructions sent with every finding for any IT admin to easily follow for threat response
  • 24/7 security operations support for critical priority issues

The FFIEC also states, “Management should implement controls to protect logs to preserve their integrity and prevent log information from being misused.” 

Blumira protects log data both in transit and at rest to ensure attackers cannot gain access to log archives to read, and our platform maintains raw log data while tracking and identifying log messages to ensure data integrity and validation. We also validate incoming logs haven’t been tampered with and alert customers if any audit logs are cleared.

Learn more about how Blumira helps financial services companies and with FFIEC compliance

Blumira Free SIEM Simplifies Security For Credit Unions

SMBs and organizations of all sizes can sign up for the Blumira Free SIEM edition to get:

  • Coverage for unlimited users and data*
  • Choose up to 3 cloud applications including Microsoft 365 and Google Workspace 
  • Easy, guided setup with Cloud Connectors — in minutes
  • Detections automatically rolled out to your account, fine-tuned to filter out the noise
  • Summary dashboard of key findings and security reports
  • Playbooks with each finding to guide you through response steps
  • Two weeks of log data retention — upgrade for up to one year

Sign Up For Your Free Account Today. No Credit Card Required.

Free Trial

Security news and stories right to your inbox!