Become a member
Become a member
Logo
The Profile
Who We Are
Impact
Events
News

The Profile is the benchmark for cyber risk assessment.

Free CRI Downloads!

  • CRI Cloud Profile Extension, v1.2.1 01.25.2023

    Download File

    SHA1 Checksum: 979b4b94f2a38dd44e49c208a97dd461e3fee705

  • Download the CRI Profile v1.2.1

    Download File

    SHA1 Checksum: 29d4c23af4f35300c96925c626f3d6785fd5707c

  • Download the CRI Profile v1.2.1 - Non-MacroEnabled

    Download File

    SHA1 Checksum: f78e03f44dba7435227f8c500042dae2086daf3e

  • CRI Profile Roadmap for 2022 and Beyond

    Download File

    SHA1 Checksum: 2cb4868fbb70bdd5189df61dad96f79d3ebd728c

  • CRI Profile Workbook

    Download File

    SHA1 Checksum: 5c11128b003f2588ed306759e77ae7ecc23e9dc6

  • CRI Profile User Guide

    Download File

    SHA1 Checksum: 9b058dab757f1142a903ee3c4064c289bb502977

  • CRI Profile Impact Questionnaire

    Download File

    SHA1 Checksum: fea467238cd006a38461927395bba242cc605c39

Cancel

How it Works

The Profile is a unified approach for assessing cybersecurity risk.

  • Consolidates 2,300+ regulations into 277 diagnostic statements
  • Gives financial institutions one simple framework to rely on
  • Based on common ISO and NIST categories (Identify, Protect, Detect, Respond, Recover)
  • Adds two categories specific to the financial industry (Governance, Dependency Mgmt.)

73%

Reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment

49%

Reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment

The Profile scales to a firm’s impact on the global economy.

  • Only nine questions to determine impact tier
  • Fewer, more tailored assessment questions
  • Based on systemic impact—not asset size
  • Subsequent tier review provides roadmap for advanced security

73%

Reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment

49%

Reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment

Industry-Wide Harmony

The Profile improves cybersecurity across the entire sector.

Institutions

Enabling institutions to focus on what matters most.

  • More time for frontline defense
  • More consistent regulation mapping for policies and procedures
  • Better organization of complex risk management
  • Improved internal progress tracking
  • Better board engagement, prioritization, and funding
  • Streamlined due diligence for third parties and M&A
  • Wider talent pool for recruitment

Regulators

Making regulators’ lives easier.

  • Deeper dives through risk-based approach
  • Enhanced visibility of systemic and third-party risk
  • More consistent responses promote sector-wide views
  • Better cooperation among global supervisory agencies

Ecosystem

Bringing relief to the entire ecosystem.

  • Higher confidence in cybersecurity efficacy
  • Common language for the whole industry
  • Better understanding across sectors and borders
  • Collective action based on common threats
  • More innovation, thanks to standardized format to help prove security measures

Still have questions?

Speak directly to someone about the Profile. Send us a note and we’ll happily address your curiosities.
User Guide
Josh Magri

CRI President & Founder

Cybersecurity is rapidly evolving.

Financial institutions need a consistent, agile approach to counter widespread threats. That’s why we update the Profile regularly, with major revisions in 2-3 year cycles.

Over the next few years, we plan to augment the Profile with maturity ratings, operational resilience, and language translations. We’ll also create user guides, form alliance partnerships, and expand mappings into new international frameworks.

Profile FAQ

BACK TO TOP

Membership is open to all organizations within the financial services sector.
Learn about membership