Case Studies » Major National Credit Union

Agile approach to program management helps national federal credit union achieve ACET Baseline maturity

To strengthen cybersecurity preparedness and meet its annual National Credit Union Association (NCUA) assessment, our client, a national federal credit union, turned to the experts at Celerity.

Results of the engagement include:

connectionRemediating 14 outstanding gaps identified during previous NCUA assessments

Interlocking gears iconProviding program management expertise needed to support the delivery of 123 declarative statements using the Automated Cybersecurity Examination Tool (ACET)

Helping the client achieve ACET Baseline maturity level

The challenge

All credit unions with assets of more than $250 million and insured by the NCUA are required to undergo an annual cybersecurity assessment. And as part of its "Mature the Security" program, our client needed a new framework to close existing gaps uncovered during previous NCUA assessments.

In close consultation with the client's senior leadership, Celerity's team helped remediate its existing gaps and achieve ACET's Baseline level of maturity, the client would need to deliver 123 declarative statements—no small feat, given that the tool determines cybersecurity maturity across five distinct domains, each with its own set of complex challenges:

binoculars iconCyber risk management and oversight

Threat intelligence and collaboration

Cybersecurity controls

Organizational alignmentExternal dependency management

Cyber incident management and resilience

The solution

To ensure the client could identify opportunities for cyber risk buydown, remain compliant with regulatory requirements, and address future risks in a timely, focused manner, Celerity's team applied an Agile mindset to guide the client's program management.

Going Agile not only helped remediate existing gaps but also clarified how our teams could work in lockstep through each declarative statement. Celerity's scrum master updated how the client managed their backlog processes by defining the acceptance criteria for each statement as well as what constituted a task "completed."

Get in touch

In today's world of relentless change and disruption—especially when it comes to the ever-evolving world of cybersecurity risk—you don't need to go it alone. Ready to see how Celerity can help you create a problem-solving culture that turns change and risk into opportunities for strengthening the security of your business's data and people? Reach out the experts at Celerity today.