Cybersecurity Assessment Tool

Cybersecurity Assessment
Tool Software

Complete your cybersecurity assessments with Tandem

Complete the FFIEC's Cybersecurity Assessment Tool (CAT) in an easy, efficient, and repeatable way.

Tandem has taken the CAT and turned it into a living, online framework that streamlines the way financial institutions complete their cybersecurity assessments.


Review visual representations of your assessments.

Evaluate useful insights into your cybersecurity risk and maturity, as well as a series of reports, designed to ensure your assessment does not contain any missing or incomplete data.

Management Tools

Simplify your workload by using Tandem's assessment management tools.

Delegate responsibility for assessment questions or categories, schedule follow-up tasks and notifications, and copy previous assessments when it's time for an update.

Peer Analysis

Gain perspective into your assessment results by anonymously comparing your answers with the answers of more than 700 other organizations who have completed their assessments with Tandem.

CAT Features

Request Access
Get a Quote
Answer questions provided in the FFIEC Cybersecurity Assessment Tool (CAT)
Analyze the institution's Inherent Risk and Cybersecurity Maturity
Review a plan of action, designed to facilitate responses to gaps in the assessment
Run various reports to model data in an easy-to-read format
Optionally participate in peer analysis to anonymously compare results with other financial institutions
Review mapped guidance (e.g. NIST, FFIEC IT Booklets)
Download result in the ACET Excel spreadsheet format designed by the NCUA
Create a new assessment by copying a previously completed assessment
Assign user access to specific categories and questions
Share your assessments securely by granting users read-only access
Upload file attachments as substantiated evidence to validate answers
Compare assessment details with a dashboard and comparison document download
Filter peer data by regulatory body and asset size and export the peer data in presentation‑ready documents
Add your organization's risk appetite statement to the report to the board
Flag questions for follow up at a later time
Document revisions and board approval of each assessment with a revision/approval log

CAT Features


See More Request Access


See More Get a Quote
Are you interested in
Cybersecurity Assessment Tool Software?

Frequently Asked Questions

The peer analysis feature uses anonymous aggregate peer data to see how you compare with other Tandem customers in this ever-evolving cyber landscape. You can choose to include or exclude your data in the anonymous peer data set at any time.

With the Pro version, you can filter the peer results by regulatory body and asset size.

Yes. Tandem Support is available 8:00 AM – 5:00 PM (CT), Monday through Friday to answer your questions about Tandem application features.

You are also invited to attend our annual KEYS conference to connect with other users and learn from Tandem experts.

For cybersecurity consulting, check out our partners. Tandem partners can assist with item such as:

  • Annual cybersecurity training for your Board of Directors
  • Assistance with reporting your cybersecurity assessment results to the Board
  • Consulting services, related to the FFIEC Cybersecurity Assessment Tool
  • Employee training on the Tandem Cybersecurity module

Tandem Support is pleased to offer complimentary training webinars twice a month for our customers, and recordings of those training sessions are available on-demand.

A Knowledge Base is available with articles to help you learn about Tandem. You can stay up-to-date on our latest features by subscribing to our Software Update emails.

Personal training is also available by request for an additional fee.

Yes. Tandem maintains high marks through the following testing: SSAE 18 SOC 1 Type 2, CompTIA Security Trustmark+, internal audits and assessments, quarterly penetration tests.

Security controls include:

  • Secure data transmission between your browser and your servers
  • Data encrypted at rest using AES-256
  • User passwords are hashed and salted
  • Datacenter protected by firewall and intrusion detection/prevention systems (IDS/IPS)
  • Redundant Internet connections
  • Multifactor authentication options
  • Single Sign On (SSO) integration using SAML 2.0
  • IP address restrictions
  • User activity log
  • User access roles/restrictions

Tandem products are delivered via the Internet as Software as a Service (SaaS) applications. Tandem can be accessed from any device with a modern browser. No software installation or special equipment is required.

New features and updates are included with your annual subscription and automatically available. Each new feature is documented in our Software Updates blog.

Yes. All Tandem products are available under the same secure website.

Each baseline maturity statement includes a reference option which can be enabled to display areas of Tandem (e.g., Policies, Business Continuity Plan, Vendor Management, etc.) where the concept may be addressed, if using Tandem recommended content.

Yes. With a single login you can manage several companies' cybersecurity assessments (requires a subscription for each company).

Ready to see what Tandem can do for you?