Become a member
CRI Commends NIST for Publishing an Enhanced Cybersecurity Framework

NIST’s Cybersecurity Framework Includes Key Updates Encouraged by the Financial Sector

Washington, D.C.—The Cyber Risk Institute (CRI) commends the National Institute of Standards and Technology’s (NIST) publication of the final Cybersecurity Framework (CSF) 2.0. This version of the CSF reflects important changes in the evolving cybersecurity landscape, most importantly by adding a “Govern” function and more comprehensive coverage of supply chain risk management. The new Govern function will help organizations of all sizes better manage cyber risk programs.

CRI and its members have been involved throughout NIST’s update process by providing a response to proposed changes to the public draft CSF 2.0:

“CRI is a proud supporter of NIST and has been engaged in the CSF update process by submitting responses to requests for information and participating in public workshops when asked. In fact, NIST referenced CRI in its CSF 2.0 Concept Paper and added the new Govern function focused on cybersecurity governance, which the financial sector sees as a critical element of sound cybersecurity. It is from NIST that the Profile even got its name—we are a CSF extension for, and by, the financial services sector,” CRI Founder and CEO Josh Magri said.

The NIST CSF will continue to be an essential tool for organizations to navigate a complex, intricate cybersecurity threat landscape. Because of this, CRI has remained committed to aligning to the NIST CSF version 2.0 for its own Profile v2.0 update. CRI intends to release Profile version 2.0 later this week.


About the Cyber Risk Institute: The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization. The CRI Profile, formerly the Financial Services Sector Coordinating Council Financial Sector Profile, is a cybersecurity framework developed by and for the financial sector based on globally recognized standards. It connects the dots between cyber best practices and expectations from all over the world.

Media Contact:
Emily Beam
February 26, 2024

Next Article
The Cyber Risk Institute Announces Participation in Department of Commerce Consortium Dedicated to AI Safety