NCUA Letter to Credit Unions No. 24-CU-02:  The NCUA issued a letter with regard to engagement in cybersecurity oversight by boards of directors.  This would include ongoing education about current cybersecurity threats, trends and best practices.  Oversight also includes third-party due diligence and ensuring cybersecurity is a core value within the credit union.

NCUA Cyber Incident Notification Requirements:  Effective September 2023, federally insured credit unions which experience a reportable cyber incident must report the incident to NCUA as soon as possible and no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident.

NCUA Cybersecurity Resources:  NCUA provides a number of free cybersecurity tools for credit unions, including assessment tools, resources and information on cyber incident reporting.

DHS Cybersecurity & Infrastructure Security Agency: CISA has a variety of free tools and services for credit unions, including free phishing and penetration testing.

FFIEC IT Examination Handbook Infobase:  FFIEC has made examination-related items available to the public.