The NCUA (and all regulatory agencies) has put an enhanced focus on vendor due-diligence. Your vendors are key business partners, and their services often directly affect your ability to service your members.
Personal Computers (PCs) and servers are at great risk to attacks if their operating system and software applications are not kept up to date with the latest patches and service packs.
Because these devices are at the greatest risk of attacks (malware, ransomware, etc), increased focus and diligence has been put on a patch management and deployment service.
Firewall Ruleset Audit
We all understand the importance of a firewall for perimeter security. Additional layers of monitoring, configurations, and reporting from the firewall is now being required by the regulatory agencies. Are you sure that your firewall is properly configured.