Washington, D.C. —The Cyber Risk Institute (CRI) today announced the release of CRI Profile v2.2, along with additional artificial intelligence (AI) implementation resources designed to help financial institutions integrate AI risk management into existing cybersecurity and technology risk programs.
The CRI Profile remains a globally recognized, industry-developed framework that connects threats to mitigating controls and associated compliance requirements—providing a comprehensive view of cyber and technology risk from the server room to the boardroom. Version 2.2 introduces 12 new mappings and three updated mappings to leading global regulatory sources and industry standards for a total of 44 mappings.
Importantly, Profile v2.2 does not introduce changes to the core Diagnostic Statements. This ensures continuity for institutions currently using the framework and allows organizations to adopt the updated mappings without reworking existing control implementations or assessments.
In parallel, CRI is releasing new resources to support practical adoption of the Financial Services AI Risk Management Framework (FS AI RMF).
“CRI’s work continues to focus on harmonization—helping institutions align to multiple frameworks and regulatory expectations while maintaining operational efficiency,” said Josh Magri, Founder and CEO of the Cyber Risk Institute. “The issuance of both Profile v2.2 and these new AI resources reflects that commitment and helps firms address existing and emerging risks in a coordinated and scalable way.”
The new AI resources include:
- FS AI RMF: A CISO and CTO Guide to Relevant Control Objectives
A focused guide that identifies the subset of FS AI RMF Control Objectives most relevant to cybersecurity and IT organizations, clarifying where these teams have primary responsibility or meaningful contribution. - CRI Profile Mapping to FS AI RMF
A detailed mapping of Security/IT-relevant FS AI RMF Control Objectives to CRI Profile Diagnostic Statements, enabling organizations to integrate AI risk considerations into existing controls, assessments, and reporting processes. - CRI Profile Mapping to FS-ISAC Sector Risk Advisory
A mapping that aligns the CRI Profile to the FS-ISAC Sector Risk Advisory, which identifies actions financial institutions can take to prepare their enterprises for AI-enabled vulnerability discovery, including in response to Mythos. This resource helps financial institutions connect emerging AI-enabled threat scenarios to specific, actionable controls.
These resources are designed to provide a practical bridge between AI-specific risk considerations, threat-informed guidance, and established cybersecurity and technology risk management practices.
The CRI Profile and FS AI RMF were developed collaboratively by CRI’s global membership of financial institutions, trade associations, and technology providers.
These new resources are available for free download at www.cyberriskinstitute.org.
Media Contact:
Emily Beam
Emily.Beam@cyberriskinstitute.org
April 30, 2026
){kind=icon}