FedLine Solutions Security and Resiliency Assurance Program Resource Center

Action required: Prepare for the distribution of 2024 FedLine® Solutions Security and Resiliency Assurance Program materials

Starting the week of Jan. 29, organizations will receive attestation materials for the 2024 calendar year, including references to relevant security control guidelines. Your organization will have until Dec. 31, 2024, to complete the program.

What can I do to prepare?

The attestation materials will be sent to all End User Authorization Contacts (EUACs) at your organization. Take the steps below to prepare:

  1. To help ensure deliverability of the materials, add the following domain to your organization’s safe senders list: @adobesign.com. This is the domain that your organization’s materials will be sent from.
  2. Review the EUAC list and update associated contact information.
  3. Revoke EUACs that are no longer with your organization or are no longer performing this function.
  4. Ensure your organization has at least two EUACs and assign new EUACs, if necessary.
  5. Identify a primary point of contact to facilitate the Assurance Program process on behalf of your organization. This step is optional but may be useful to organizations that have multiple accounts.
  6. Share the attestation materials with your designated point of contact.

We appreciate your support and look forward to working with you on this important program. If you have questions, please contact the Assurance Program directly at sys.assurance.program@frb.org. As a reminder, your relationship manager is also available to assist you. To find a list of Federal Reserve Bank contacts specific to your organization, use the Find Your Contacts tool.

The Security and Resiliency Assurance Program (“Assurance Program”) requires that each organization, at least annually, conduct a self-assessment of its compliance with the FedLine Security Requirements and attest to having conducted such self-assessment, as outlined in Appendix A, Section 3 of Operating Circular 5. These measures are intended to help protect against unauthorized access or use of information that could result in substantial harm to an organization.

The Federal Reserve Banks’ FedLine Solutions are a critical component of the U.S. electronic payments system. While FedLine Solutions benefit from numerous embedded security features, organizations with access to these solutions play a vital role in safeguarding the endpoints that are used to interact with the Federal Reserve Banks.

The Assurance Program is risk-based and informed by industry best practices, federal standards (including National Institute of Standards and Technology (“NIST”) standards) and relevant supervisory guidance (including Federal Financial Organizations Examination Council (“FFIEC”) guidance). The program engages your organization’s senior management in the FedLine security review process to encourage holistic risk management practices and risk-based decision making.

Organizations that use the FedLine Solutions must perform the following to complete the Assurance Program:

  • Conduct a Self-Assessment of its compliance with the Security Requirements.
  • If required by the Federal Reserve Banks, ensure the Self-Assessment is conducted or reviewed by an independent internal function or third party. This information will be included in the body of the Assurance Program email, if required.
  • Attest that the Self-Assessment was completed by having a senior management official or executive officer, in charge of electronic payments operations or payments security for the organization, sign the provided attestation letter.

When does my organization need to complete the program?

Your organization will have the full calendar year to complete the program. All organizations which use FedLine to access services or applications from the Federal Reserve Banks must complete the program on an annual basis.

What action do I need to take to prepare?

A kickoff email outlining program expectations and a program guide is sent annually from Assurance Program adobesign@adobesign.com to your organization’s EUACs to begin the process. Your EUACs may elect to identify a primary point of contact to take the lead with the program for your organization. If applicable, we encourage you to communicate with your organization’s compliance department or internal audit function to determine how this process may fit into your broader compliance or audit efforts.

Webinar Information

Please refer to the webinar presentation deck and recordings for the webinar series which provide general information and specific steps needed to be taken to complete the Assurance Program.

Security and Resiliency Assurance Program Overview Webinar

FAQs

The Federal Reserve Banks regularly update the Frequently Asked Questions page with details about the Assurance Program. To learn more, view these other communications about the Assurance Program.

Additional Resources

Top of Page