Welcome to the National Credit Union ISAO
Critical infrastructure represents the assets, systems and networks (physical or virtual), so vital that incapacitation or destruction would have debilitating and catastrophic cascading impacts within and across sectors. As cyber threats and attacks to global critical infrastructure continue to increase in frequency, severity and sophistication, impacts can result in catastrophic incidents, endangering national security, economies, business continuity, and public health and safety.
To advance Credit Union-specific cyber resilience, meeting compliance requirements, issues and challenges, a strategic collaborative partnership established the National Credit Union Information Sharing & Analysis Organization (NCU-ISAO).
The NCU-ISAO advances Credit Union Cyber Resilience by providing a sustainable infrastructure connecting public and private-sector stakeholders supporting security information sharing, coordinated response, leading practice, education, and discounted products and services.
NCU-ISAO Security Awareness Intelligence Information Sharing
Enabling bi-directional information sharing of cyber threat indicators, incidents, observables, threat actors, tactics, techniques and procedures, exploit targets and campaigns.
Risk Analysis, Analytics, and Metrics
Advancing Cyber Risk Management - Identifying top risks, metrics, effective controls, sector differentiation, forecasting, trending, modeling, comparison to others, and best practice.
Credit Union Cybersecurity Regulatory Intelligence
Providing information, intelligence and benchmarking information related to NCUA, FFIEC, PCI and other related guidance including the effective use of the self-assessment tools.
Credit Union Cyber Resilience Operational Guidance
Harmonizing leading practice focusing on people, process and technoloogy - defining credit union-specific cybersecurity operational guidance, tools, templates and resources - aligning with the business mission.
NCU-ISAO Cyber Education
Supporting security education as an enterprise-wide effort through workforce education and daily situational awareness, while enabling industry partner access to a cutting-edge cyber range to learn and practice cyber skills and incident response scenarios, and to develop organization-specific education programs and curriculum – leading industry teams toward cyber resilience.