Resources for Federal Financial Institutions Examination Council (FFIEC)
Decoding the FAQs on the FFIEC Guidance on Authentication in an Internet Banking Environment
Bank Info Security Description: Since its release on October 12, 2005, the FFEIC Guidance on Authentication in an Internet Banking Environment, has created a great deal of confusion, uncertainty, and speculation and raised many questions as to what is actually required to comply with the guidance. Many have interpreted the Guidance deadline of December 31, 2006 to only apply to the completion of a risk assessment, others understood the Guidance to require the implementation of multifactor authentication, and some are confused as to who and even what the Guidance applies to.
In an effort to clarify the myriad of questions the Guidance evoked, the Agencies recently jointly developed and released a compilation of the most frequently asked questions received from financial institutions, examiners, and technology service providers concerning the October 12, 2005 Guidance. The Agencies provide direct answers to specific questions such as:
Does the Guidance require the use of multifactor authentication?
Are there banking applications where single factor authentication as the only control mechanism would be adequate?
Are the Agencies recommending multifactor authentication over layered security or other compensating controls?
What do the Agencies expect institutions to have accomplished by year-end 2006
What if a solution cant be implemented by year-end
View the Resource
Share or bookmarklet this web page at:
|
RSS Feeds
