FedLine Solutions Security and Resiliency Assurance Program Resource Center
The Security & Resiliency Assurance Program (“Assurance Program”) requires that each organization, at least annually, conduct a self-assessment of its compliance with the FedLine Security Requirements and attest to having conducted such self-assessment, as outlined in Appendix A, Section 3 of Operating Circular 5. These measures are intended to help protect against unauthorized access or use of information that could result in substantial harm to an organization.
The Federal Reserve Banks’ FedLine Solutions are a critical component of the U.S. electronic payments system. While FedLine Solutions benefit from numerous embedded security features, organizations with access to these solutions play a vital role in safeguarding the endpoints that are used to interact with the Federal Reserve Banks.
The Assurance Program is risk-based and informed by industry best practices, federal standards (including National Institute of Standards and Technology (“NIST”) standards), and relevant supervisory guidance (including Federal Financial Organizations Examination Council (“FFIEC”) guidance). The program engages your organization’s senior management in the FedLine security review process to encourage holistic risk management practices and risk-based decision making.
Organizations that use the FedLine Solutions must perform the following to complete the Assurance Program:
- Conduct a Self-Assessment of its compliance with the Security Requirements.
- If required by the Federal Reserve Banks, ensure the Self-Assessment is conducted or reviewed by an independent internal function or third party. This information will be included in the body of the Assurance Program email, if required.
- Attest that the Self-Assessment was completed by having a senior management official or executive officer, in charge of electronic payments operations or payments security for the organization, sign the provided attestation letter.
The email containing attestation materials is sent each calendar year from the sending domain @adobesign.com to the End User Authorization Contacts (EUACs) for each organization. EUACs should be aware that this is a legitimate email from the Federal Reserve Bank.
When does my organization need to complete the program?
Your organization will have the calendar year (January – December 20xx) to complete the program. All organizations which use FedLine to access services or applications from the Federal Reserve Banks must complete the program on an annual basis.
What action do I need to take to prepare?
A kickoff email outlining program expectations and a program guide is sent annually to your organization’s EUACs to begin the process. Your EUACs may elect to identify a primary point of contact to take the lead with the program for your organization. If applicable, we encourage you to communicate with your organization’s compliance department or internal audit function to determine how this process may fit into your broader compliance or audit efforts.
Webinar Information
Please refer to the webinar presentation deck and recordings for the webinar series which provide general information and specific steps needed to be taken to complete the Assurance Program.
Security and Resiliency Assurance Program Overview Webinar
FAQs
The Federal Reserve Banks regularly update the Frequently Asked Questions page with details about the Assurance Program. To learn more, view these other communications about the Assurance Program.