In this special Credit Union Edition of the ByteWise Podcast, Daniela, Brian, and Glen are joined by Tom Costello, CEO of Upstreme, to unpack the future of the Automated Cybersecurity Examination Tool (ACET) and its impact on credit unions.

For years, ACET has been the standard tool for cybersecurity self-assessments, but with its foundation—the FFIEC’s Cybersecurity Assessment Tool (CAT)—now officially sunset, credit unions must prepare for what comes next.

• ACET’s Rise and Sunset: Why the tool was created, its limitations, and why regulators are moving away from it.

• Alternative Frameworks: Deep dive into the top three contenders—NIST CSF 2.0, the CRI Profile, and the CIS Controls—and what each offer.

• Credit Union Realities: Challenges for smaller institutions, including ISE framework considerations, resource constraints, and scaling expectations.

• Transition Strategies: Practical advice on mapping from ACET to modern frameworks, avoiding common mistakes, and creating a smooth shift.

• Bigger Picture: How technologies like AI and Zero Trust Architecture are reshaping InfoSec, and why now is the perfect moment for credit unions to reframe cyber risk conversations with boards and leadership.

• Risk & Governance: Connecting frameworks to enterprise risk management, risk appetite, and governance functions—ensuring cyber strategy aligns with organizational strategy.

• “All frameworks are wrong. Some of them are just more useful than others.” – Tom Costello

• “The biggest mistake is doing nothing and sticking with ACET.” – Tom Costello

• NIST Cybersecurity Framework 2.0

• Financial Services CRI Profile

• CIS Controls

• Upstreme

• Connect with Tom