Additional Resources for Artificial Intelligence
As the AI landscape continues to evolve quickly, CRI has developed additional resources to support firms in sound AI risk management practices. CRI will continue to add resources over time.
Overview
As financial institutions advance the adoption of artificial intelligence, cybersecurity and IT leaders are increasingly evaluating how the Financial Services AI Risk Management Framework (FS AI RMF) aligns with their existing responsibilities and CRI Profile-based activities.
The FS AI RMF spans a broad range of enterprise AI governance and risk management domains, including areas beyond the traditional scope of cybersecurity and IT. To support practical adoption, CRI has developed a focused set of resources designed to help CISOs and CTOs identify where and how to engage.


Approach
By focusing on the Control Objectives most relevant to security and IT and providing a clear mapping to the CRI Profile, these materials offer a practical and scalable path for integrating AI risk management into current programs.
All organizations are structured differently, and the allocation of AI-related roles and responsibilities varies. These resources are intended to provide general guidance and support consistency, while allowing for flexibility based on each institution’s operating model.
User Guide
The FS AI RMF: A CISO and CTO Guide to Relevant Control Objectives provides a structured overview of the Control Objectives most relevant to cybersecurity and IT organizations. It outlines the scoping approach used to identify these Control Objectives and provides guidance on how to interpret and apply them within existing cyber and technology risk programs.
The guide is intended to help organizations understand where cybersecurity and IT teams are likely to have primary responsibility or meaningful contribution, while recognizing that broader AI governance and risk management activities are shared across the enterprise.
Mapping Document
The accompanying mapping document provides a detailed linkage between FS AI RMF Control Objectives and CRI Profile Diagnostic Statements. It identifies the subset of Control Objectives most relevant to cybersecurity and IT and maps those objectives directly to existing Profile statements.
The mapping is designed to support integration of AI risk management into established controls, processes, and assessments—enabling organizations to extend existing Profile-based activities rather than introducing duplicative or disconnected efforts.
Profile Mapping to FS-ISAC Sector Risk Advisory
This resource is intended to help institutions translate emerging threat scenarios into specific, actionable controls. The mapping identifies where relevant CRI Profile control objectives/diagnostic statements—particularly those most applicable to cybersecurity and IT—align to CRI Profile Diagnostic Statements and the FS-ISAC actions. The goal is to provide a clear, practical bridge between threat-driven guidance and existing control environments, enabling teams to incorporate these considerations into current assessment, monitoring, and reporting processes.
The FS-ISAC Sector Risk Advisory can be found here: Knowledge | Sector Risk Advisory: AI-Enabled Vulnerability Detection & Remediation Perspectives on Third Parties.
Trusted Standards for Evolving Risks
The Cyber Risk Institute's mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.
As a not-for-profit standards development organization, CRI connects threats to mitigating controls and associated compliance to provide institutions with a comprehensive view of risk—from the server room to the boardroom.
We do this through our products – CRI Profile, Cloud Profile, and FS AI RMF – member engagement, and an ecosystem of globally known tool providers and consulting firms.