NCUA Cybersecurity Examination Readiness: What Credit Unions Need to Know Before the Examiner Arrives

Credit unions face a distinct regulatory environment. Unlike banks, which are examined by the OCC, FDIC, or Federal Reserve, federally insured credit unions answer to the National Credit Union Administration. The NCUA has steadily elevated cybersecurity as an examination priority, and its Automated Cybersecurity Examination Tool (ACET) gives examiners a structured framework for assessing how well your credit union identifies, protects against, detects, responds to, and recovers from cyber threats.

Many credit union staff and leadership teams understand that cybersecurity examinations happen. Fewer understand exactly what examiners are looking for, how maturity is evaluated across the ACET's five domains, or what evidence is expected before the examiner walks in the door. That gap is what this course closes.

You will learn how the NCUA's examination authority works and how cybersecurity fits into the broader supervisory process. You will understand the ACET's inherent risk profile and maturity levels, what the difference between Baseline and Intermediate looks like in practice, and why your maturity level relative to your risk profile matters more than hitting any single checkbox. You will work through governance expectations, written information security program requirements under the Gramm-Leach-Bliley Act Safeguards Rule, access control and authentication standards, and the NCUA's incident notification rule and what the 72-hour reporting window actually requires.

The course also covers third-party and vendor risk management, including the unique considerations that apply to Credit Union Service Organizations (CUSOs), and closes with a practical examination preparation module: what evidence to collect, how to organize it, what common findings look like, and how to respond when an examiner identifies a gap.

Whether you are preparing for your first NCUA cybersecurity examination, trying to close findings from a prior cycle, or building a compliance program that will hold up over time, this course gives you the framework and the specifics to walk into the examination ready.

Who This Is For

Credit union IT and security staff preparing for an NCUA examination
Credit union CEOs, CFOs, and board members who need to understand what examiners assess
Compliance officers building or documenting a written information security program
Credit unions that received examination findings and need to understand the path to remediation

What's Covered

The NCUA's Examination Authority and How Cybersecurity Oversight Works
The ACET Framework: Inherent Risk, Maturity Levels, and the Five Domains
Governance and Risk Management: What Examiners Evaluate First
Information Security Program Requirements: GLBA, the Safeguards Rule, and the NCUA's Expectations
Access Controls, Authentication, and Identity Management
Incident Response and the NCUA's 72-Hour Notification Requirement
Vendor Risk Management, CUSOs, and External Dependency Oversight
Preparing for the Examination: Evidence Collection, Common Findings, and the Examination Process

$99.00

One-time payment. Lifetime access. Access link delivered by email.

Already purchased? Resend access link