1. Home
  2. Resources
  3. Resource Centers
  4. FedLine Solutions Security and Resiliency Assurance Program Resource Center

FedLine Solutions Security and Resiliency Assurance Program Resource Center

Action required: Prepare for the distribution of 2025 FedLine® Solutions Security and Resiliency Assurance Program materials

By no later than March 15, 2025, organizations will receive attestation materials for the 2025 calendar year, including references to relevant security control guidelines. Your organization will have until Dec. 31, 2025, to complete the program.

What can I do to prepare?

The attestation materials will be sent to all End User Authorization Contacts (EUACs) at your organization. Take the steps below to prepare:

  1. To help ensure deliverability of the materials, add the following domain to your organization’s safe senders list: @adobesign.com. This is the domain that your organization’s materials will be sent from.
  2. Review the EUAC list and update associated contact information.
  3. Revoke EUACs that are no longer with your organization or are no longer performing this function.
  4. Ensure your organization has at least two EUACs and assign new EUACs, if necessary.
  5. Identify a primary point of contact to facilitate the Assurance Program process on behalf of your organization. This step is optional but may be useful to organizations that have multiple accounts.
  6. Share the attestation materials with your designated point of contact.

We appreciate your support and look forward to working with you on this important program. If you have questions, please contact the Assurance Program directly at [email protected]. As a reminder, your relationship manager is also available to assist you. To find a list of Federal Reserve Bank contacts specific to your organization, use the Find Your Contacts tool.

The Security and Resiliency Assurance Program (“Assurance Program”) requires that each organization, at least annually, conduct a self-assessment of its compliance with the FedLine Security Requirements and attest to having conducted such self-assessment, as outlined in Appendix A, Section 3 of Operating Circular 5. These measures are intended to help protect against unauthorized access to FedLine services or transactional data.

If you find any areas of non-compliance when conducting the assessment, you should follow your existing remediation processes commensurate with the nature of the identified gap and your organization’s risk posture. There may be compensating controls that mitigate the risk to an acceptable level within your organization’s risk posture, thereby negating any need for remediation. You are not required to submit the results or findings of your risk assessment, or any supporting documentation, or any remediation plans. The electronically signed attestation response is the only document that will be required to be submitted to the Federal Reserve Banks. Note, however, that evidence of the assessment and any remediation activity (or a determination of satisfactory compensating controls) should be maintained according to your organization’s record retention policy.

The Federal Reserve Banks’ FedLine Solutions are a critical component of the U.S. electronic payments system. While FedLine Solutions benefit from numerous embedded security features, organizations with access to these solutions play a vital role in safeguarding the endpoints that are used to interact with the Federal Reserve Banks.

The Assurance Program is risk-based and informed by industry best practices, federal standards (including National Institute of Standards and Technology (“NIST”) standards) and relevant supervisory guidance (including Federal Financial Organizations Examination Council (“FFIEC”) guidance). The program engages your organization’s senior management in the FedLine security review process to encourage holistic risk management practices and risk-based decision making.

Organizations that use the FedLine Solutions must perform the following to complete the Assurance Program:

  • Conduct a Self-Assessment of its compliance with the Security Requirements.
  • If required by the Federal Reserve Banks, ensure the Self-Assessment is conducted or reviewed by an independent internal function or third party. This information will be included in the body of the Assurance Program email, if required.
  • Attest that the Self-Assessment was completed by having a senior management official or executive officer, in charge of electronic payments operations or payments security for the organization, sign the provided attestation letter.

When does my organization need to complete the program?

Your organization will have the full calendar year to complete the program. All organizations which use FedLine to access services or applications from the Federal Reserve Banks must complete the program on an annual basis.

What action do I need to take to prepare?

A kickoff email outlining program expectations and a program guide is sent annually from Assurance Program [email protected] to your organization’s EUACs to begin the process. Your EUACs may elect to identify a primary point of contact to take the lead with the program for your organization. If applicable, we encourage you to communicate with your organization’s compliance department or internal audit function to determine how this process may fit into your broader compliance or audit efforts.

Webinar Information

Please refer to the webinar presentation deck and recordings for the webinar series which provide general information and specific steps needed to be taken to complete the Assurance Program.

Security and Resiliency Assurance Program Overview Webinar

FAQs

The Federal Reserve Banks regularly update the Frequently Asked Questions page with details about the Assurance Program. To learn more, view these other communications about the Assurance Program.

Additional Resources

Top of Page