ACET - Automated Compliance Examination Tool from NCUA

In most card games, fives are not necessarily a winning hand—you typically need a little more to be at the top of your game. But five is now a special number for credit unions. ACET, the Automated Compliance Examination Tool, is the mechanism that the National Credit Union Administration (NCUA) is using to test the inherent risk profile and cybersecurity maturity of America’s credit unions.

5 ACET Inherent Risk Profile Domains

The NCUA tool measures five levels of inherent risk across five domains, including:

  • Technologies and connection types
  • Delivery channels
  • Online/mobile products and technology services
  • Organizational characteristics
  • External threats

5 Levels of ACET Cybersecurity Maturity 

It also measures five levels of cybersecurity maturity:

  • Cyber risk management and oversight
  • Threat intelligence and collaboration
  • Cybersecurity controls
  • External dependency management
  • Cyber incident management and resilience

Five really is the magic number here.

When you first open the ACET tool, it’s natural to be overwhelmed. With hundreds of declarative statements needing response and row after row of documents within the Document Request List, the first impression is that the tool is overly complicated. But in short order, you will start to see overlapping information requests, trends, and more efficient ways of completing the assessment. Actually, the opportunity to identify overlaps and opportunities for increased efficiency is where the value of going through the ACET lies.

ACET Preparation

Like most cybersecurity frameworks, ACET is a combination of people, processes, and technologies. The challenge of working through an exam is the weeks and months it takes to gather, sort, and present evidence to meet the exam requirements. The ACET helps you to identify areas where you have an overlap in technology functionality. Since the heritage of cybersecurity is to identify a threat vector and then apply technology to combat that threat, most companies have an assortment of technologies that weren’t designed to work together. Each technology is its own piece, leaving security staffs to put the puzzle together. This results in the need to hire multiple skill sets to use the range of tools, manage multiple contracts and licensing agreements, and spend additional time gathering the outputs from the various technologies to meet compliance needs. This is the reason many companies consolidate their cybersecurity infrastructure.

The ace in the hole is to have a cybersecurity partner like SilverSky that can provide solutions across a broad set of cybersecurity threats and allow you to remain NCUA compliant. By using ACET as a guide, companies can identify where they have redundant technologies, find places to reduce complexity, and save money.

ACET asks for documentation and processes that support cybersecurity, such as summaries of network control and monitoring systems (firewalls, IDS/IPS, SIEM, DLP, MDM, etc.). It also asks for summaries of antivirus, antispam and other email protection tools to block phishing, malware, ransomware, and prevent data extraction. Much of this documentation can come directly from a single SilverSky portal, as opposed to multiple portals from multiple vendors.

NCUA exams also require proof of doing exercises to document IT controls, vulnerability testing, network assessments, and penetration testing. Again, you could use several vendors to complete these assessments, but once again, you will need to pull the puzzle pieces together. SilverSky has twenty years of experience in highly regulated industries and can be a great force-multiplier to your internal team as you begin this journey.

As a bonus, when your cybersecurity partner goes through the same FFIEC compliance exam that you do, you know they understand the compliance issues far beyond vendors that don’t go through this process. And that is a winning hand. Contact us if you would like to discuss ways we can help you to prepare for ACET and, most importantly, strengthen your cybersecurity posture.
