The National Credit Union Administration (NCUA) is an independent federal agency that requires U.S. federally-insured credit unions to establish a security program that addresses the privacy and protection of customer records and information.

The NCUA mandates that credit unions must design and implement an information security program to control identified risks, commensurate with the sensitivity of the information. Among the considerations must be access controls on member information systems and encryption of electronic member information, including while in transit or in storage on networks or systems.