Cybersecurity Assessment Tool
Complete your cybersecurity assessments with Tandem
Complete the FFIEC's Cybersecurity Assessment Tool (CAT) in an easy, efficient, and repeatable way.
Tandem has taken the CAT and turned it into a living, online framework that streamlines the way financial institutions complete their cybersecurity assessments.
Review visual representations of your assessments.
Evaluate useful insights into your cybersecurity risk and maturity, as well as a series of reports, designed to ensure your assessment does not contain any missing or incomplete data.
Simplify your workload by using Tandem's assessment management tools.
Delegate responsibility for assessment questions or categories, schedule follow-up tasks and notifications, and copy previous assessments when it's time for an update.
Gain perspective into your assessment results by anonymously comparing your answers with the answers of more than 700 other organizations who have completed their assessments with Tandem.
Upload file attachments to each statement with Tandem Cybersecurity Pro.
Storing your documentation in this way helps validate your answers and ensure your assessment is audit and examination ready. Export the attachments, along with your assessment spreadsheet in a .zip folder.
Copy and compare your assessments with Tandem Cybersecurity Pro.
Observe your organization's improvement over time with a dashboard, designed to show long-term trends in risk and maturity, and a version comparison download, designed to summarize and present the differences between two assessments.
Generate an action plan to improve your cybersecurity maturity to reach the target levels defined by your organization's board of directors and senior management.
Create and assign tasks to ensure follow through on action items, ultimately improving your maturity.
Generate consistent and professional documents effortlessly.
Share your full assessment with your auditors and examiners, a summary report with your board of directors, or a comparison between two versions with your senior management.
These customizable documents are available in Microsoft Word, Microsoft Excel, and Adobe PDF formats.
ProGet a Quote
|Answer questions provided in the FFIEC Cybersecurity Assessment Tool (CAT)|
|Analyze the institution's Inherent Risk and Cybersecurity Maturity|
|Review a plan of action, designed to facilitate responses to gaps in the assessment|
|Run various reports to model data in an easy-to-read format|
|Optionally participate in peer analysis to anonymously compare results with other financial institutions|
|Review mapped guidance (e.g. NIST, FFIEC IT Booklets)|
|Download result in the ACET Excel spreadsheet format designed by the NCUA|
|Create a new assessment by copying a previously completed assessment|
|Assign user access to specific categories and questions|
|Share your assessments securely by granting users read-only access|
|Upload file attachments as substantiated evidence to validate answers|
|Compare assessment details with a dashboard and comparison document download|
|Filter peer data by regulatory body and asset size and export the peer data in presentation‑ready documents|
|Add your organization's risk appetite statement to the report to the board|
|Flag questions for follow up at a later time|
|Document revisions and board approval of each assessment with a revision/approval log|
- Answer questions provided in the FFIEC Cybersecurity Assessment Tool (CAT)
- Analyze the institution's Inherent Risk and Cybersecurity Maturity
- Review a plan of action, designed to facilitate responses to gaps in the assessment
- Run various reports to model data in an easy-to-read format
- Optionally participate in peer analysis to anonymously compare results with other financial institutions
- Review mapped guidance (e.g. NIST, FFIEC IT Booklets)
- Download result in the ACET Excel spreadsheet format designed by the NCUA
- Create a new assessment by copying a previously completed assessment
- Assign user access to specific categories and questions
- Share your assessments securely by granting users read-only access
- Upload file attachments as substantiated evidence to validate answers
- Compare assessment details with a dashboard and comparison document download
- Filter peer data by regulatory body and asset size and export the peer data in presentation‑ready documents
- Add your organization's risk appetite statement to the report to the board
- Flag questions for follow up at a later time
- Document revisions and board approval of each assessment with a revision/approval log
Frequently Asked Questions
The peer analysis feature uses anonymous aggregate peer data to see how you compare with other Tandem customers in this ever-evolving cyber landscape. You can choose to include or exclude your data in the anonymous peer data set at any time.
With the Pro version, you can filter the peer results by regulatory body and asset size.
Yes. Tandem Support is available 8:00 AM – 5:00 PM (CT), Monday through Friday to answer your questions about Tandem application features.
You are also invited to attend our annual KEYS conference to connect with other users and learn from Tandem experts.
For cybersecurity consulting, check out our partners. Tandem partners can assist with item such as:
- Annual cybersecurity training for your Board of Directors
- Assistance with reporting your cybersecurity assessment results to the Board
- Consulting services, related to the FFIEC Cybersecurity Assessment Tool
- Employee training on the Tandem Cybersecurity module
Tandem Support is pleased to offer complimentary training webinars twice a month for our customers, and recordings of those training sessions are available on-demand.
A Knowledge Base is available with articles to help you learn about Tandem. You can stay up-to-date on our latest features by subscribing to our Software Update emails.
Personal training is also available by request for an additional fee.
Yes. Tandem maintains high marks through the following testing: SSAE 18 SOC 1 Type 2, CompTIA Security Trustmark+, internal audits and assessments, quarterly penetration tests.
Security controls include:
- Secure data transmission between your browser and your servers
- Data encrypted at rest using AES-256
- User passwords are hashed and salted
- Datacenter protected by firewall and intrusion detection/prevention systems (IDS/IPS)
- Redundant Internet connections
- Multifactor authentication options
- Single Sign On (SSO) integration using SAML 2.0
- IP address restrictions
- User activity log
- User access roles/restrictions
Tandem products are delivered via the Internet as Software as a Service (SaaS) applications. Tandem can be accessed from any device with a modern browser. No software installation or special equipment is required.
New features and updates are included with your annual subscription and automatically available. Each new feature is documented in our Software Updates blog.
Yes. All Tandem products are available under the same secure website.
Each baseline maturity statement includes a reference option which can be enabled to display areas of Tandem (e.g., Policies, Business Continuity Plan, Vendor Management, etc.) where the concept may be addressed, if using Tandem recommended content.
Yes. With a single login you can manage several companies' cybersecurity assessments (requires a subscription for each company).