The Cybersecurity Supervision Work Program (CSW) is a component of the Office of the Comptroller of the Currency’s (OCC) risk-based bank information technology (BIT) supervision process. The CSW provides high-level examination objectives and procedures that are aligned with existing supervisory guidance and the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF).
The CSW is structured according to the five NIST-CSF functions—Identify, Protect, Detect, Respond, and Recover—and the related categories and subcategories. This alignment provides examiners with a common framework and terminology in discussions with bank management.
The attachment to OCC Bulletin 2023-22, “Cybersecurity: Cybersecurity Supervision Work Program,” summarizes the CSW’s high-level objectives and the corresponding categories and subcategories. Examiners apply a risk-based approach when completing the CSW and supplement their assessments using the following references:
The OCC continues to encourage use of standardized approaches to assess and improve cybersecurity preparedness. National banks and federal savings associations may choose from a variety of standardized tools and frameworks available, including the FFIEC Cybersecurity Assessment Tool. The OCC sets no new regulatory expectations with its issuance of the CSW.