Assessment

Laws or related obligations

Cybersecurity

Financial Services Sector Cybersecurity Profile (FSSCP)

This download includes the FSSC Profile requirements and mapped questions that you can use to assess your organisation. The FSSC Profile is a scalable and extensible assessment that financial institutions of all types can use for internal and external (i.e., third party) cyber risk management assessment and as a mechanism to evidence compliance with various regulatory frameworks (a common college application for regulatory complianceĂÂ) both within the United States and globally. The Profile includes 277 requirements across 31 Categories:

Strategy and Framework (GV.SF)
Risk Management (GV.RM)Policy (GV.PL)
Roles and Responsibilities (GV.RR)
Security Program (GV.SP)
Independent Risk Management Function (GV.IR)
Audit (GV.AU)
Technology (GV.TE)
Asset Management (ID.AM)
Risk Assessment (ID.RA)
Identity Management and Access Control (PR.AC)
Awareness and Training (PR.AT)
Data Security (PR.DS)
Information Protection Processes and Procedures (PR.IP)
Maintenance (PR.MA)
Protective Technology (PR.PT)
Anomalies and Events (DE.AE)
Security Continuous Monitoring (DE.CM)
Detection Processes (DE.DP)
Response Planning (RS.RP)
Communications (RS.CO)
Analysis (RS.AN)
Mitigation (RS.MI)
Improvements (RS.IM)
Recovery Planning (RC.RP)
Improvements (RC.IM)
Communications (RC.CO)
Internal Dependencies (DM.ID)
External Dependencies (DM.ED)
Resilience (DM.RS)
Business Environment (DM.BE)

Sector(s):

Financial

Jurisdiction(s):

Risk Library

52 Risks

Jurisdiction: All
Category: Business

Learn More

Assessment

6clicks Essential Controls Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

6clicks Pandemic Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

6clicks Scope Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Acceptable Use

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

APRA CPS 234 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Assessment

ASD Essential 8 Maturity Assessment

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Australian Energy Sector Cyber Security Framework (AESCSF) Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Risk Library

Board Top Risks

Jurisdiction: All
Category: Business

Learn More

Control

Business Continuity - Control Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Business Continuity

Jurisdiction: All
Category: Business

Learn More

Risk Library

CompLeR Core

Jurisdiction: All
Category: Business

Learn More

Risk Library

CompLeR Sector

Jurisdiction: All
Category: Business

Learn More

Assessment

Consensus Assessments Initiative Questionnaire (CAIQ) Lite

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment Control

Consensus Assessments Initiative Questionnaire v3.0.1

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Cyber and Information Security Framework

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Cyber Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Cybersecurity Maturity Model Certification (CMMC) Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

Environmental Risks

Jurisdiction: All
Category: Business

Learn More

Control

FedRAMP Security Controls

Jurisdiction: USA
Category: Cybersecurity

Learn More

Assessment

Financial Services Sector Cybersecurity Profile (FSSCP) Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

General Business

Jurisdiction: All
Category: Business

Learn More

Control

Human Resources Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Identity and Access

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Information Security Issue Management

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

Information Security Manual (ISM) - July 2020 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Assessment

Information Security Manual (ISM) - March 2020 Question Set

Jurisdiction: Australia
Category: Cybersecurity

Learn More

Laws or related obligations

ISO 45001:2018 Occupational Health And Safety Management System (OHMS)

Jurisdiction: All
Category: Workplace Health & Safety

Learn More

Assessment

ISO/IEC 27001:2013 Annex A Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

ISO/IEC 27001:2013 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

IT Operations Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

MAS 655 Notice on Cyber Hygiene Question Set

Jurisdiction: Singapore
Category: Cybersecurity

Learn More

Control

Network Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST Cyber Security Framework (CSF) Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST SP800-161 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NIST SP800-171 r2 Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

NSW Cyber Security Policy (NSW CSP) Question Set

Jurisdiction: New South Wales
Category: Cybersecurity

Learn More

Risk Library

OH&S Risks

Jurisdiction: All
Category: Workplace Health & Safety

Learn More

Assessment

OWASP Secure Medical Device Deployment Standard (SMDDS) Question Set

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Pandemic Risks

Jurisdiction: All
Category: Business

Learn More

Assessment

PCI-DSS Security Assessment Questionnaire (SAQ) A-EP

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

Physical and Environmental Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Risk Library

Project Management

Jurisdiction: All
Category: Business

Learn More

Assessment

Queensland Information Security Policy (IS18:2018) Question Set

Jurisdiction: Queensland
Category: Cybersecurity

Learn More

Assessment

SA Cyber Security Framework (CSF) Question Set

Jurisdiction: South Australia
Category: Cybersecurity

Learn More

Assessment

Secure Controls Framework (SCF) Assessment

Jurisdiction: All
Category: Cybersecurity Privacy

Learn More

Assessment

SOC 2 Trusted Services Criteria Question Set

Jurisdiction: USA
Category: Cybersecurity

Learn More

Risk Library

Startups & New Ventures

Jurisdiction: All
Category: Business

Learn More

Control

Supplier Security

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

System Acquisition and Development

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

TAS Information Security Framework (ISF) Question Set

Jurisdiction: Tasmania
Category: Cybersecurity

Learn More

Assessment

UAE Information Assurance (IA) Assessment

Jurisdiction: UAE
Category: Cybersecurity

Learn More

Assessment

UK NCSC Cyber Essentials Question Set

Jurisdiction: UK
Category: Cybersecurity

Learn More

Assessment

Victorian Protective Data Security Standards 2.0 (VPDSS) Question Set

Jurisdiction: Victoria
Category: Cybersecurity

Learn More

Assessment

VSA Questionnaire

Jurisdiction: All
Category: Cybersecurity

Learn More

Assessment

WA Digital Security Policy (DSP) Question Set

Jurisdiction: Western Australia
Category: Cybersecurity

Learn More

Laws or related obligations

Work Health and Safety Act 2011

Jurisdiction: Australia
Category: Legislation Workplace Health & Safety

Learn More

Laws or related obligations

Work Health and Safety Regulations 2011

Jurisdiction: Australia
Category: Workplace Health & Safety

Learn More

Control

Australian Financial Services (AFS) License Control Set

Jurisdiction: Australia
Category: Financial Services

Learn More

Control

COBIT 19

Jurisdiction: All
Category: Cybersecurity

Learn More

Laws or related obligations

Fair Work Act 2009

Jurisdiction: Australia
Category: Workplace Health & Safety

Learn More

Control

SWIFT Customer Security Controls Framework (CSCF)

Jurisdiction: All
Category: Cybersecurity

Learn More

Control

CERT NZ's Top ten critical controls

Jurisdiction: New Zealand
Category: Cybersecurity

Learn More

Playbook

Ransomware Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Cloud Email Compromise Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Create Account (Backdoor User Accounts) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Credential Access (Password Spraying) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Cyber Blackmail Incident Reponse Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Defense Evasion (Disabling Security Software) Incident Reponse Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Denial of Service (DOS) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Device Theft/Loss Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Malware Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Money Mule Scams (CEO Fraud) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Phishing Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Resource Development (Compromise Accounts) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Scam Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Social Engineering Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Credential Access (Unsecured Credentials) Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Drive By Compromise Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Group Policy Modification Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Playbook

Insider Abuse Incident Response Playbook

Jurisdiction: All
Category: Cybersecurity

Learn More

Project

ISO 31000:2009 Risk management

Jurisdiction: All
Category: Risk Management

Learn More

Project

ISO27005:2008 Information Security Risk Management

Jurisdiction: All
Category: Risk Management

Learn More

Project

MEHARI 2010: Processing guide for risk analysis and management

Jurisdiction: All
Category: Risk Management

Learn More

Project

NIST SP 800-30 r1 guide for Conducting Risk Assessments

Jurisdiction: USA
Category: Risk Management

Learn More

Project

NIST Special Publication 800-39: Managing Information Security Risk

Jurisdiction: USA
Category: Risk Management

Learn More

Project

The DREAD Risk Assessment Model

Jurisdiction: All
Category: Risk Management

Learn More

Project

The STRIDE Threat Model

Jurisdiction: All
Category: Risk Management

Learn More

Control

6clicks General Financial Controls

Jurisdiction: All
Category: Financial Services

Learn More

Content Library

Access our comprehensive library of best-practice content and guidance from recognized authorities and industry-leading organizations.

Reimagine risk and experience Hailey AI

Financial Services Sector Cybersecurity Profile (FSSCP)

Sector(s):

Jurisdiction(s):

Filter By:

Filter By:

Filter By:

52 Risks

6clicks Essential Controls Assessment

6clicks Pandemic Assessment

6clicks Privacy Impact Assessment (PIA)

6clicks Scope Assessment

Acceptable Use

APRA CPS 234

APRA CPS 234 Question Set

ASD Essential 8

ASD Essential 8 Maturity Assessment

ASIC Regulatory Guide 270: Whistleblower Policies

Australian Anti Money Laundering and Counter Terrorism Financing Act 2006

Australian Anti Money Laundering and Counter Terrorism Financing Rules Instrument 2007 (No. 1)

Australian Energy Sector Cyber Security Framework (AESCSF)

Australian Energy Sector Cyber Security Framework (AESCSF) Question Set

Australian Privacy Principles (Comprehensive)

Australian Privacy Principles (Simplified)

Board Top Risks

Business Continuity - Control Set

Business Continuity

COBIT 5.0

CompLeR Core

CompLeR Sector

Consensus Assessments Initiative Questionnaire (CAIQ) Lite

Consensus Assessments Initiative Questionnaire v3.0.1

Corporations Act 2001

CSA IoT Security Controls Framework

Cyber and Information Security Framework

Cyber Security

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) Question Set

Environmental Risks

FedRAMP Security Controls

Financial Services Sector Cybersecurity Profile (FSSCP)

Financial Services Sector Cybersecurity Profile (FSSCP) Question Set

General Business

General Data Protection Regulation (GDPR)

Human Resources Security

Identity and Access

Information Security Issue Management

Information Security Manual (ISM) - December 2020

Information Security Manual (ISM) - July 2020

Information Security Manual (ISM) - July 2020 Question Set

Information Security Manual (ISM) - March 2020

Information Security Manual (ISM) - March 2020 Question Set

Information Security Manual (ISM) - October 2020

ISO 14001:2016 Environmental Management System (EMS)

ISO 22301:2020 Business Continuity Management System (BCMS)

ISO 45001:2018 Occupational Health And Safety Management System (OHMS)

ISO 9001:2016 Quality Management Systems (QMS)

ISO/IEC 27001:2013

ISO/IEC 27001:2013 Annex A

ISO/IEC 27001:2013 Annex A Question Set

ISO/IEC 27001:2013 Question Set

IT Operations Security

Jericho Forum Commandments

MAS 655 Notice on Cyber Hygiene

MAS 655 Notice on Cyber Hygiene Question Set

Modern Slavery Act 2018

Network Security

NIST Cyber Security Framework (CSF)

NIST Cyber Security Framework (CSF) Question Set

NIST SP800 53 r3

NIST SP800 53 r4

NIST SP800-161

NIST SP800-161 Question Set

NIST SP800-171 r2

NIST SP800-171 r2 Question Set

NSW Cyber Security Policy (NSW CSP)

NSW Cyber Security Policy (NSW CSP) Question Set

OH&S Risks