ACET – Fives Is the Winning Hand for Credit Unions

ACET - Automated Compliance Examination Tool from NCUAIn most card games, fives are not necessarily a winning hand—you typically need a little more to be at the top of your game. But five is now a special number for credit unions. ACET, the Automated Compliance Examination Tool, is the mechanism that the National Credit Union Administration (NCUA) is using to test the inherent risk profile and cybersecurity maturity of America’s credit unions.

5 ACET Inherent Risk Profile Domains

The NCUA tool measures five levels of inherent risk across five domains, including:

  • Technologies and connection types
  • Delivery channels
  • Online/mobile products and technology services
  • Organizational characteristics
  • External threats

5 Levels of ACET Cybersecurity Maturity 

It also measures five levels of cybersecurity maturity:

  • Cyber risk management and oversight
  • Threat intelligence and collaboration
  • Cybersecurity controls
  • External dependency management
  • Cyber incident management and resilience

Five really is the magic number here.

When you first open the ACET tool, it’s natural to be overwhelmed. With hundreds of declarative statements needing response and row after row of documents within the Document Request List, the first impression is that the tool is overly complicated. But in short order, you will start to see overlapping information requests, trends, and more efficient ways of completing the assessment. Actually, the opportunity to identify overlaps and opportunities for increased efficiency is where the value of going through the ACET lies.

ACET Preparation Automated Compliance Examination Tool from NCUALike most cybersecurity frameworks, ACET is a combination of people, processes, and technologies. The challenge of working through an exam is the weeks and months it takes to gather, sort, and present evidence to meet the exam requirements. The ACET helps you to identify areas where you have an overlap in technology functionality. Since the heritage of cybersecurity is to identify a threat vector and then apply technology to combat that threat, most companies have an assortment of technologies that weren’t designed to work together. Each technology is its own piece leaving security staffs to put the puzzle together. This results in the need to hire multiple skill sets to use the range of tools, managing multiple contracts and licensing agreements, and additional time to gather the outputs from the various technologies to meet compliance needs. This is the reason many companies consolidate their cybersecurity infrastructure.

The ace in the hole is to have a cybersecurity partner like SilverSky that can provide solutions across a broad set of cybersecurity threats and allow you to remain NCUA compliant. By using ACET as a guide, companies can identify where they have redundant technologies, find places to reduce complexity, and save money.

ACET asks for documentation and processes that support cybersecurity like summaries of network control and monitoring systems (firewalls, IDS/IPS, SIEM, DLP, MDM, etc.). It also asks for summaries of antivirus, antispam and other email protection tools to block phishing, malware, ransomware, and prevent data extraction. Much of this documentation can come directly from a single SilverSky portal, as opposed to multiple portals from multiple vendors.
NCUA exams also require proof of doing exercises to document IT controls, vulnerability testing, network assessments, and penetration testing. Again, you could use several vendors to complete these assessments, but once again, you will need to pull the puzzle pieces together. SilverSky has twenty years of experience in highly regulated industries and can be a great force-multiplier to your internal team as you begin this journey.

As a bonus, when your cybersecurity partner goes through the same FFIEC compliance exam that you do, you know they understand the compliance issues far beyond vendors that don’t go through this process. And that is a winning hand. Contact us if you would like to discuss ways we can help you to prepare for ACET and, most importantly, strengthen your cybersecurity posture.

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me



Managed Detection and Response

Comprehensive solutions to detect, prioritize, and address security incidents.

Managed Security Services

24 X 7 X 365 monitoring, management, and system maintenance.

Email Protection Suite

Monitor and manage your email environment with advanced email security and compliance protections.

Cloud Email and Collaboration

Cloud office productivity enhanced with proven security and compliance protection.

How does SilverSky's integrated stack of solutions meet your needs?

Compliance and Risk Services

Assess your program and controls, benchmark and identify areas for improvement. Develop your security roadmap for investment and improvements. Effectively measure ROI and impact on your security posture

Incident Response Readiness

Incident Response Plan Development / Review. Incident Response Readiness Review. Emergency Incident Response.

Discuss your compliance, risk management and incident response readiness needs.

Schedule Free 1-on-1 Consultation

Financial Services

1,500+ small & mid-sized financial institutions rely on SilverSky to meet and exceed FFEIC, GLBA and PCI DSS requirements and overall cybersecurity needs.


Hundreds of small & mid-sized healthcare organizations rely on SilverSky to address HIPAA and other regulatory requirements and serve overall cybersecurity needs.


Small and mid-sized retail organizations count on SilverSky to maintain PCI DSS requirements, secure customer data and reduce cybersecurity threats.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.


White papers, guides, tools, on-demand webinars, case studies and more. Explore a range of topics. 

Events & Webinars


Product Sheets

SilverSky product and services information at your fingertips. Product data sheets, compliance matrixes, & brochures.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

Become A Partner

Partner with SilverSky to tap into the approaching $300 billion+ cybersecurity market.

Talk to one of our partner managers and consider expanding your cybersecurity offerings.

Schedule Partner Exploration Discussion

Share This