Become a member

Standards Raised.

The CRI Profile is a cybersecurity framework developed by and for the financial sector based on globally recognized standards. It connects the dots between cyber best practices and expectations from all over the world.

Enhancing Cyber Security and Resiliency
Through Standardization

The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity through standardization. Through consensus among the financial sector ecosystem, we developed a free tool—called the CRI Profile—and related guidance to help firms better manage cyber compliance programs.

Learn more about CRI

Recognition

“Supervised financial institutions may also consider use of industry developed resources, such as the Cyber Risk Institute’s (CRI) Cyber Profile, and the Center for Internet Security Critical Security Controls…. While the FFIEC does not endorse any particular tool, these standardized tools can assist financial institutions in their self-assessment activities.”

Federal Financial Institutions Examination Council

“As we [Treasury] develop our [Cloud use in the financial services] report and over the longer term as we continue to work on these issues, we will collaborate with the private sector and organizations like Cyber Risk Institute, FBIIC members, and our international partners, many of which are considering increasing their oversight of cloud service providers.”

Todd Conklin, Deputy Assistant Secretary for the Office of Cybersecurity and Critical Infrastructure Protection, US Dept of Treasury at  the Financial Stability Oversight Council Meeting on October 3, 2022

“Financial institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Center for Internet Security Critical Security Controls, and the [CRI] Profile.”

Federal Financial Institutions Examination Council

“A cyber assessment framework is a useful component of a comprehensive risk assessment…widely used frameworks Covered Entities employ are the FFIEC Cyber Assessment Tool, the CRI Profile, and the NIST Cybersecurity Framework.”

New York State Department of Financial Services

“[The CRI Profile] is one of the more detailed Cybersecurity Framework-based, sector regulatory harmonization approaches to date.”

The National Institute of Standards and Technology (NIST)

“[The CRI Profile] is a customization of the NIST Cybersecurity Framework that financial institutions can use for internal and external cyber risk management assessment and as evidence for compliance, encompassing relations between Cyber frameworks, including the Core Standards. Further, CRI’s Cybersecurity Profile tool encompasses all three of the Core Standards (the NIST Cybersecurity Framework, ISO, and the CPMI-IOSCO Guidance), as well as others…”

The Board of the International Organization of Securities Commissions (IOSCO)

“The Cyber Risk Institute houses and maintains the CRI Profile—the benchmark for cyber security and resiliency in the financial services industry.”

European Union Agency for Cybersecurity (ENISA)

“Recommended frameworks for entities to refer to:[Cyber Risk Institute Cybersecurity Profile, NIST Cybersecurity Framework, New Zealand Information Security Manual (NZISM), and ISO/IEC 27000.]”

Reserve Bank of New Zealand

“Treasury, as Sector Risk Management Agency for the financial services sector, appreciates the inclusion of precision time resiliency into the CRI Profile. This collaboration on responsible use of precision time enables the sector to fully benefit from the Biden-Harris Administration’s continued work on this Executive Order.”

Todd Conklin, Treasury Deputy Assistant Secretary for the Office of Cybersecurity and Critical Infrastructure Protection.

“[The CRI Profile] is a powerful tool to assist banks to mitigate the cost of fragmented cybersecurity regulations…it should become the accepted supervisory base-line…so supervisors and banks alike can more efficiently use scarce cyber security expertise.”

The International Regulatory Strategy Group

“…we’ll welcome any financial institution to provide information to us using the structure and taxonomy of the Profile, we see that as a boon for harmonization.”

Board of Governors of the Federal Reserve System

“The Cyber Profile shows a third party the path and progression from a fin-tech into a mature organization. It tells you what the investment journey is going to look like, giving them a roadmap to do business with the big banks.”

COO, Assessment Organization

A Better Tool for Compliance

Produced through industry consensus, the Profile is a consolidated approach to assess cybersecurity, resiliency, and efficacy.

What makes the Profile different from other frameworks is that CRI seeks regulatory feedback to ensure more complete mappings, thus increasing its acceptance.
Download the Profile

Become a member.

Help shape the future of cyber security and resilience.

Minimize

systemic and third-party risk with our innovative cybersecurity tools.

Optimize

your cyber talent’s time so they can focus on risk identification, analysis, and frontline defense.

Participate

in a growing, global movement to help shape the future of cybersecurity in the financial sector.

Access

the free online Profile to get out of the land of spreadsheets.

Learn about Membership

    Apply for membership.

    Complete the form and someone will be in touch.





    BACK TO TOP