Cybersecurity Assessment Tool
Cybersecurity Assessment
Tool Software
Complete your cybersecurity assessments with Tandem
Sign Up for Cybersecurity Assessment Tool (CAT) Updates
We are hard at work updating our current assessment tool. The updated product will empower you to manage and comply with multiple frameworks, offering greater flexibility and insight into your cybersecurity posture.
Please sign up to receive up-to-date announcements about the tool including the official release.
Complete the FFIEC's Cybersecurity Assessment Tool (CAT) in an easy, efficient, and repeatable way.
Tandem has taken the CAT and turned it into a living, online framework that streamlines the way financial institutions complete their cybersecurity assessments.
Dashboards
Review visual representations of your assessments.
Evaluate useful insights into your cybersecurity risk and maturity, as well as a series of reports, designed to ensure your assessment does not contain any missing or incomplete data.
Management Tools
Simplify your workload by using Tandem's assessment management tools.
Delegate responsibility for assessment questions or categories, schedule follow-up tasks and notifications, and copy previous assessments when it's time for an update.
Peer Analysis
Gain perspective into your assessment results by anonymously comparing your answers with the answers of more than 700 other organizations who have completed their assessments with Tandem.
CAT Features |
Free
Request Access
|
Pro
Get a Quote
|
---|---|---|
Answer questions provided in the FFIEC Cybersecurity Assessment Tool (CAT) | ||
Analyze the institution's Inherent Risk and Cybersecurity Maturity | ||
Review a plan of action, designed to facilitate responses to gaps in the assessment | ||
Run various reports to model data in an easy-to-read format | ||
Optionally participate in peer analysis to anonymously compare results with other financial institutions | ||
Review mapped guidance (e.g. NIST, FFIEC IT Booklets) | ||
Download result in the ACET Excel spreadsheet format designed by the NCUA | ||
Create a new assessment by copying a previously completed assessment | ||
Assign user access to specific categories and questions | ||
Share your assessments securely by granting users read-only access | ||
Upload file attachments as substantiated evidence to validate answers | ||
Compare assessment details with a dashboard and comparison document download | ||
Filter peer data by regulatory body and asset size and export the peer data in presentation‑ready documents | ||
Add your organization's risk appetite statement to the report to the board | ||
Flag questions for follow up at a later time | ||
Document revisions and board approval of each assessment with a revision/approval log |
Frequently Asked Questions
The peer analysis feature uses anonymous aggregate peer data to see how you compare with other Tandem customers in this ever-evolving cyber landscape. You can choose to include or exclude your data in the anonymous peer data set at any time.
With the Pro version, you can filter the peer results by regulatory body and asset size.
Yes. Tandem Support is available 8:00 AM – 5:00 PM (CT), Monday through Friday to answer your questions about Tandem application features.
You are also invited to attend our annual KEYS conference to connect with other users and learn from Tandem experts.
For cybersecurity consulting, check out our partners. Tandem partners can assist with item such as:
- Annual cybersecurity training for your Board of Directors
- Assistance with reporting your cybersecurity assessment results to the Board
- Consulting services, related to the FFIEC Cybersecurity Assessment Tool
- Employee training on the Tandem Cybersecurity module
Tandem Support is pleased to offer complimentary training webinars twice a month for our customers, and recordings of those training sessions are available on-demand.
A Knowledge Base is available with articles to help you learn about Tandem. You can stay up-to-date on our latest features by subscribing to our Software Update emails.
Personal training is also available by request for an additional fee.
Yes. Tandem maintains high marks through the following testing: SSAE 18 SOC 1 Type 2, CompTIA Security Trustmark+, internal audits and assessments, quarterly penetration tests.
Security controls include:
- Secure data transmission between your browser and your servers
- Data encrypted at rest using AES-256
- User passwords are hashed and salted
- Datacenter protected by firewall and intrusion detection/prevention systems (IDS/IPS)
- Redundant Internet connections
- Multifactor authentication options
- Single Sign On (SSO) integration using SAML 2.0
- IP address restrictions
- User activity log
- User access roles/restrictions
Tandem products are delivered via the Internet as Software as a Service (SaaS) applications. Tandem can be accessed from any device with a modern browser. No software installation or special equipment is required.
New features and updates are included with your annual subscription and automatically available. Each new feature is documented in our Software Updates blog.
Yes. All Tandem products are available under the same secure website.
Each baseline maturity statement includes a reference option which can be enabled to display areas of Tandem (e.g., Policies, Business Continuity Plan, Vendor Management, etc.) where the concept may be addressed, if using Tandem recommended content.
Yes. With a single login you can manage several companies' cybersecurity assessments (requires a subscription for each company).