Cybersecurity Supervision Work Program Overview
The Cybersecurity Supervision Work Program (CSW) is a component of the Office of the Comptroller of the Currency’s (OCC) risk-based bank information technology (BIT) supervision process. The CSW provides high-level examination objectives and procedures that are aligned with existing supervisory guidance and the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF).
View the Cybersecurity Supervision Work Program References
The CSW is structured according to the five NIST-CSF functions—Identify, Protect, Detect, Respond, and Recover—and the related categories and subcategories. This alignment provides examiners with a common framework and terminology in discussions with bank management.
The attachment to OCC Bulletin 2023-22, “Cybersecurity: Cybersecurity Supervision Work Program,” summarizes the CSW’s high-level objectives and the corresponding categories and subcategories. Examiners apply a risk-based approach when completing the CSW and supplement their assessments using the following references:
Comptroller’s Handbook booklet: Community Bank Supervision
Comptroller’s Handbook booklet: Large Bank Supervision
Other related supervisory guidance
The OCC continues to encourage use of standardized approaches to assess and improve cybersecurity preparedness. National banks and federal savings associations may choose from a variety of standardized tools and frameworks available, including the FFIEC Cybersecurity Assessment Tool. The OCC sets no new regulatory expectations with its issuance of the CSW.