Enhancing Cyber Security and Resiliency
The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity through standardization. Through consensus among the financial sector ecosystem, we developed a free tool—called the CRI Profile—and related guidance to help firms better manage cyber compliance programs.
“As we [Treasury] develop our [Cloud use in the financial services] report and over the longer term as we continue to work on these issues, we will collaborate with the private sector and organizations like Cyber Risk Institute, FBIIC members, and our international partners, many of which are considering increasing their oversight of cloud service providers.”
“Financial institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Center for Internet Security Critical Security Controls, and the [CRI] Profile.”
“A cyber assessment framework is a useful component of a comprehensive risk assessment…widely used frameworks Covered Entities employ are the FFIEC Cyber Assessment Tool, the CRI Profile, and the NIST Cybersecurity Framework.”
“[The CRI Profile] is one of the more detailed Cybersecurity Framework-based, sector regulatory harmonization approaches to date.”
“[The CRI Profile] is a customization of the NIST Cybersecurity Framework that financial institutions can use for internal and external cyber risk management assessment and as evidence for compliance, encompassing relations between Cyber frameworks, including the Core Standards. Further, CRI’s Cybersecurity Profile tool encompasses all three of the Core Standards (the NIST Cybersecurity Framework, ISO, and the CPMI-IOSCO Guidance), as well as others…”
“The Cyber Risk Institute houses and maintains the CRI Profile—the benchmark for cyber security and resiliency in the financial services industry.”
“Recommended frameworks for entities to refer to: [Cyber Risk Institute Cybersecurity Profile, NIST Cybersecurity Framework, New Zealand Information Security Manual (NZISM), and ISO/IEC 27000.]”
“Treasury, as Sector Risk Management Agency for the financial services sector, appreciates the inclusion of precision time resiliency into the CRI Profile. This collaboration on responsible use of precision time enables the sector to fully benefit from the Biden-Harris Administration’s continued work on this Executive Order.”
“[The CRI Profile] is a powerful tool to assist banks to mitigate the cost of fragmented cybersecurity regulations…it should become the accepted supervisory base-line…so supervisors and banks alike can more efficiently use scarce cyber security expertise.”
“…we’ll welcome any financial institution to provide information to us using the structure and taxonomy of the Profile, we see that as a boon for harmonization.”
“The Cyber Profile shows a third party the path and progression from a fin-tech into a mature organization. It tells you what the investment journey is going to look like, giving them a roadmap to do business with the big banks.”
A Better Tool for Compliance
What makes the Profile different from other frameworks is that CRI seeks regulatory feedback to ensure more complete mappings, thus increasing its acceptance.
Become a member.
Help shape the future of cyber security and resilience.
systemic and third-party risk with our innovative cybersecurity tools.
your cyber talent’s time so they can focus on risk identification, analysis, and frontline defense.
in a growing, global movement to help shape the future of cybersecurity in the financial sector.
the free online Profile to get out of the land of spreadsheets.