A global standard for cyber risk management.
The CRI Profile has become a trusted resource for self-assessment and regulatory engagement. Building on this foundation, CRI has developed the Cloud Profile and a Maturity Model, and is working on an Artificial Intelligence (AI) framework for financial services.

CRI Profile v2.0
The CRI Profile is based on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) and aligned to CSF version 2.
The Profile offers an efficient approach tailored to the needs of the financial services sector, helping institutions spend less time on compliance and more time on front-line defense.
Supporting Documents
Contains the CRI Profile v2.1 mappings to various regulations, guidance, issuances, and framework documents.
Download Catalog →
Provides assistance with implementing the Profile.
Download Guidebook →
Offers an overview of the Profile and its benefits.
Download User Guide →
Helps determine which of the Profile’s 318 Diagnostic Statements apply to your organization.
Download Questionnaire →
Highlights what’s new with Profile version 2.0.
Download Fact Sheet →
Provides a comprehensive overview of the DORA technical standards.
Download Mapping →
Provides a mapping and gap analysis for CRI Profile users.
Download Guide →
Provides a mapping to NIST 800-53r5 consistent with NIST’s Online Informative References Program.
Download Mapping →
Profile-MITRE ATT&CK mapping to help connect threats to compliance.
Download File →
What Is the CRI Profile?
The CRI Profile provides an efficient approach to technology and cybersecurity risk management that effectively counters dynamic and evolving threats and provides adequate assurance to government supervisors.
- A cyber risk management framework made for and by the financial sector.
- Based on the NIST Cybersecurity Framework.
- Extended for the financial industry to address the focus of regulators on important governance and third-party issues.
- Harmonizes 3,500+ regulatory expectations into 318 control objectives, called diagnostic statements.
- Regularly updated to reflect the evolving cybersecurity regulatory landscape.
- Receives global recognition from regulators and industry bodies.
- Gives financial institutions one simple framework on which to rely.
- Provides regulators with a consistent and widely understood framework.
The Profile scales to a firm’s impact on the global economy.
- Only nine questions to determine impact tier.
- Fewer, more tailored assessment questions.
- Based on systemic impact—not asset size.
- Subsequent tier review provides roadmap for advanced security.
Firms qualifying as an Impact Tier 4 firm
Reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment.
Firms qualifying as an Impact Tier 1
Reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment.
Still have questions?
Reach out to learn more about the CRI Profile or how CRI tools can support your organization.
Josh Magri
CRI President & Founder
membership@cyberriskinstitute.org

Trusted Standards for Evolving Risks
The Cyber Risk Institute's mission is to advance the development and harmonization of cybersecurity, technology, and AI risk management standards for the financial services industry.
As a not-for-profit standards development organization, CRI connects threats to mitigating controls and associated compliance to provide institutions with a comprehensive view of risk—from the server room to the boardroom.
We do this through our products (CRI Profile, Cloud Profile, and FS AI RMF), member engagement, and an ecosystem of globally known tool providers and consulting firms.

