FedLine Solutions Security and Resiliency Assurance Program Resource Center
The Federal Reserve Banks’ FedLine Solutions are a critical component of the U.S. electronic payments system. While FedLine Solutions benefit from numerous embedded security features, organizations with access to these solutions play a vital role in safeguarding the endpoints that are used to interact with the Federal Reserve Banks.
The Assurance Program is risk-based and informed by industry best practices, federal standards (including National Institute of Standards and Technology (“NIST”) standards), and relevant supervisory guidance (including Federal Financial Organizations Examination Council (“FFIEC”) guidance). The program engages your organization’s senior management in the FedLine security review process to encourage holistic risk management practices and risk-based decision making.
Organizations that use the FedLine Solutions must perform the following to complete the Assurance Program:
- Conduct a Self-Assessment of its compliance with the Security Requirements.
- If required by the Federal Reserve Banks, ensure the Self-Assessment is conducted or reviewed by an independent internal function or third party. This information will be included in the body of the Assurance Program email, if required.
- Attest that the Self-Assessment was completed by having a senior management official or executive officer, in charge of electronic payments operations or payments security for the organization, sign the provided attestation letter.
The email containing attestation materials is sent each calendar year from the sending domain @adobesign.com to the End User Authorization Contacts (EUACs) for each organization. EUACs should be aware that this is a legitimate email from the Federal Reserve Bank.
When does my organization need to complete the program?
Your organization will have the calendar year (January – December 20xx) to complete the program. All organizations which use FedLine to access services or applications from the Federal Reserve Banks must complete the program on an annual basis.
What action do I need to take to prepare?
A kickoff email outlining program expectations and a program guide is sent annually to your organization’s EUACs to begin the process. Your EUACs may elect to identify a primary point of contact to take the lead with the program for your organization. If applicable, we encourage you to communicate with your organization’s compliance department or internal audit function to determine how this process may fit into your broader compliance or audit efforts.
Please refer to the webinar presentation deck and recordings for the webinar series which provide general information and specific steps needed to be taken to complete the Assurance Program. There will be additional webinars in each year. Future communications will provide additional details.
Security and Resiliency Assurance Program Overview: Assurance Program Basics
Security and Resiliency Assurance Program Overview: Conducting the Security Assessment
Security and Resiliency Assurance Program Overview: Completing the Assurance Program
The Federal Reserve Banks regularly update the Frequently Asked Questions page with details about the Assurance Program. To learn more, view these other communications about the Assurance Program.