See which audit requirements you can address to pass FFIEC audits

The provisions of the Gramm-Leach-Bliley Act (GLBA) that regulate the security of nonpublic personal information are presented in Title V – Privacy. These provisions stipulate that financial institutions doing business in the United States must establish appropriate information security controls to:
Ensure the security and confidentiality of customer records and information
Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer
Protect against any anticipated threats or hazards to the security or integrity of such records
The Federal Financial Institutions Examination Council (FFIEC) designs and supervises audits for most federal agencies that oversee financial institutions. The FFIEC provides extensive guidelines for information security and risk management that help financial organizations achieve and prove compliance with GLBA safeguards and rules. Netwrix Auditor can help you pass GLBA audits by ensuring continuous compliance with the following FFIEC requirements:
II. Information Security Program Management
  • II.A Risk Identification
  • II.B Risk Measurement
  • II.C Risk Mitigation
  • II.C.7 User Security Controls
  • II.C.10 Change Management Within the IT Environment
  • II.C.10(a) Configuration Management
  • II.C.13 Control of Information
  • II.C.13(a) Storage
  • II.C.15 Logical Security
  • II.C.22 Log Management
  • II.D Risk Monitoring and Reporting
III. Security Operations
  • III.A Threat Identification and Assessment
  • III.B Threat Monitoring
  • III.C Incident Identification and Assessment
  • III.D Incident Response
Learn more about how Netwrix Auditor can help you pass FFIEC compliance audits.
Download Netwrix (.pdf)
Depending on the configuration of your IT systems, your internal procedures, the nature
of your business and other
factors, Netwrix Auditor might also facilitate compliance with
provisions of the FFIEC IT Handbook not listed above.

Find out how exactly Netwrix Auditor can support your compliance program

The Netwrix Auditor solution enables control over changes, access events and configurations to help ensure the confidentiality, integrity and availability of sensitive financial data in both on-premises and cloud-based IT systems and applications. This GLBA compliance software provides security intelligence to identify security holes, streamline user behavior analysis and investigate threat patterns in time to prevent disclosure of customer personal information.
Get a bird’s-eye view of your security weak spots
You don’t need to have a separate GLBA risk assessment software tool; with Netwrix Auditor, you get risk assessment and other compliance functionality all in one solution. It provides an overview of your security gaps in three major areas: account management, security permissions and data governance.
Discover and mitigate customer financial data outside of a secure location
Netwrix Auditor reports on the exact location of regulated data stored on your file servers. Regularly review this information to detect sensitive data that surface outside of a secure location in a timely manner to minimize the risk of a data breach. See exactly which data is at risk so you can protect it appropriately.
Stay on top of malicious activity
Get alerted about all suspicious activity to block attacks in their early stages. For example, a login attempt to one of your network devices using the credentials of a disabled account might indicate external attackers trying to lay their hands on your critical resources.
Streamline regular attestations of access rights to sensitive financial records
Improve the security of customer financial data with regular monitoring of data access rights. Verify that permissions are aligned with your enterprise security policy and employees’ job description. Contact data owners to get them involved in determining who should be able to view, edit, share or delete sensitive data.
Quickly get answers to unexpected questions from auditors
Unlike native log management tools, Netwrix Auditor enables you to quickly find the information in your complete audit trail; just fine-tune your search criteria until you find the exact information you need.

Read our case studies to discover why financial companies make Netwrix Auditor an inherent part of their compliance programs

customer success
Forreston State Bank saves 8 hours a week on auditing processes and ensures continuous compliance with FFIEC and GLBA requirements.
Read the Story
customer success
Bank of the South consistently receives high ratings from the examiners and stays compliant with GLBA and PCI DSS regulatory standards.
Read the Story