Trusted Standards for Evolving Risks

The Cyber Risk Institute's mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.

As a not-for-profit (501[c][6]) standards development organization, CRI connects threats to mitigating controls and associated compliance to provide institutions with a comprehensive view of risk—from the server room to the boardroom. We do this through our products—CRI Profile, Cloud Profile, and FS AI RMF—member engagement, and an ecosystem of globally known tool providers and consulting firms.

“While the FFIEC does not endorse any particular tool, [Cyber Risk Institute’s (CRI) Cyber Profile], can assist financial institutions in their self-assessment activities.”

Federal Financial Institutions Examination Council

“…we’ll welcome any financial institution to provide information to us using the structure and taxonomy of the Profile, we see that as a boon for harmonization.”

Board of Governors of the Federal Reserve System

“The Cyber Risk Institute houses and maintains the CRI Profile—the benchmark for cyber security and resiliency in the financial services industry.”

European Union Agency for Cybersecurity (ENISA)

The CRI Profile

One Framework for Global Alignment

The CRI Profile is a cybersecurity and technology framework built by and for the financial sector and grounded in globally recognized standards. It connects the dots between best practices and regulatory expectations from all over the world—helping institutions stay secure, aligned, and prepared.

Key Benefits:

Regulatory Alignment:
Aligns with major financial sector cybersecurity and technology risk management standards supporting global supervisory expectations.

Streamlined Assessments:
Simplifies and reduces the burden of compliance assessments through a unified, standardized approach.

Industry-Driven, Broadly Accessible:
Developed by industry leaders and made available to all institutions – promoting consistent, scalable risk management.

Bridging Threats, Compliance and the Boardroom:
Connects leading threat frameworks to control objectives and regulatory expectations—enabling clear, risk-informed oversight at the executive and board levels.

What is the Profile?

The CRI Profile is a financial-sector-led cybersecurity framework aligned with globally recognized standards and regulatory expectations. It supports consistent implementation of risk management practices, facilitates supervisory engagement, and promotes harmonization across jurisdictions.

What makes the Profile different from other frameworks is that CRI seeks regulatory feedback to ensure more complete mappings, thus increasing its acceptance.

CRI Profile v2.0

The CRI Profile is based on the National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure Cybersecurity” and is aligned to NIST Cybersecurity Framework version 2.0.

The Profile offers an efficient approach tailored to the needs of the financial services sector, helping institutions spend less time on compliance and more time on front-line defense.

Cloud

CRI’s Cloud Profile is an extension of the CRI Profile developed through collaboration with the Cloud Service Providers. It provides actionable cloud security guidance for firms looking to implement or strengthen existing cloud technologies and operations.

Translated

CRI is helping the financial sector speak the same language across borders. Find the Profile translated into Japanese, Spanish, and Portuguese.

"Treasury, as Sector Risk Management Agency for the financial services sector, appreciates the inclusion of precision time resiliency into the CRI Profile. This collaboration on responsible use of precision time enables the sector to fully benefit from the Biden-Harris Administration’s continued work on this Executive Order…"

Todd Conklin
Deputy Assistant Secretary for the US Treasury Office of Cybersecurity and Critical Infrastructure Protection

"...the CRI Profile, and other similar risk-based tools have been useful to help financial institutions of all shapes and sizes assess their cyber risk and manage the myriad of financial regulatory requirements through a unified approach."

Ron Green
Chair, Financial Services Sector Coordinating Council

Membership

The Cyber Risk Institute's mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.

Coming Soon

Marketplace

The CRI Marketplace is a hub for tools, products, and services designed to help financial institutions adopt and implement CRI resources. Whether you’re just getting started or looking to modernize your program, the CRI Marketplace offers resources to support every stage of your journey. The CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity through standardization.

Become A Member

Help shape the future of cybersecurity, resilience, and AI risk management.

Develop Products

Be at the forefront of standards development and global alignment:

  • Profile updates and mappings
  • Artificial Intelligence (AI) Framework
  • Maturity Model
  • Minimum Controls for Third Parties
  • New Global Mappings from EU, Australia, Japan

Equip Members

Get the support and resources you need to implement with confidence:

  • Free Online Tool
  • Committees & Working Groups
  • In-Person Events
  • Ecosystem Relationships
  • Training Materials
  • CRI Profile Translations

Engage Regulators

Stay informed and represented in global regulatory discussions through CRI’s relationships. See statements of acknowledgement from:

  • Japan’s Financial Services Agency as a “relevant guideline” alongside the NIST Cybersecurity Framework
  • CISA included a CRI mapping in the CPGs and acknowledged CRI in its CPG Matrix
  • NYDFS re-cited the Profile in its public FAQs
  • ...And more