The FFIEC’s Cybersecurity Assessment Tool (CAT) is crucial for compliance, and the IT Regulatory Compliance group always likes to cover it. Since the 2015 release of the CAT, I have noticed a trend that I believe is worth sharing. I have spoken with financial institutions (FIs) that have recently experienced personnel changes – such as new Network Administrators or new Information Security Officers. I like to ask if the new contact knows that the CAT has been updated, and often the answer is no. Or, as is often the case with the shuffle of personnel, the new hire does not know where to even find the most recent CAT, much less know whether it has been updated.