RegScale Announces Support for the FFIEC CAT

July 28, 2022 | By J. Travis Howerton

In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) was developed to help institutions identify their risks and determine their cybersecurity preparedness. The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.

At RegScale, we give financial services organizations easy and free tools to get started with building a fully compliant FFIEC program with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of July 28, 2022, RegScale has announced that we officially support the FFIEC CAT as a catalog within our platform with automated tools/wizards for building compliant assessment programs. In addition, we have published multiple machine readable formats of FFIEC CAT including an Excel spreadsheet, raw JSON, and NIST OSCAL that are available upon request. These artifacts are freely available for others to reuse in their compliance automation programs using machine readable formats.

Schedule a free demo today to learn how RegScale can help you continuously meet your FFIEC requirements. If you are ready to start automating your compliance processes for creating and managing FFIEC requirements, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust FFIEC compliance artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service to provide a concierge like experience for reducing risk related to their financial services systems.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.