Prepare Your Approach.
Download the CRI Profile v1.2
The CRI Profile is based on the National Institute of Standards and Technology’s (NIST) “Framework for Improving Critical Infrastructure Cybersecurity.” The Profile is an efficient approach to cybersecurity risk management that effectively counters the dynamic, evolving threat and provides adequate assurance to government supervisors.

The CRI Profile Workbook provides assistance with implementing the Profile.
The Profile User Guide offers an overview of the Profile and its benefits.
Determine which of the Profile’s 277 Diagnostic Statements apply to your organization.
CRI’s Cloud Profile is an extension of the CRI Profile resulting from collaboration with the Cloud Service Providers themselves. It provides actionable cloud security guidance for firms looking to implement or strengthen existing cloud technologies and operations.
The CRI Cloud Profile (v1.2) makes it easier for financial institutions and cloud service providers (CSPs) to protect the financial ecosystem in many ways. These include:
- Developing a mutual understanding of expectations between financial institutions and CSPs, and even control owners and cloud implementers within the same firm
- Helping all parties speak the same language
- Simplifying regulatory engagements, setting a baseline understanding of requirements and responsibilities between financial institutions and CSPs
- Standardizing contractual terms and language, leading to efficiencies
- Highlighting key deployments for targeted analysis for cloud launch
- Addressing the full life cycle of the CSP and customer relationship
How it Works
The Profile is a framework.
- A cyber risk assessment made for and by the financial sector
- Based on the NIST Cybersecurity Framework
- Extended for the financial industry to address the focus of regulators on important governance and third-party issues
- Harmonizes 2,400+ regulatory expectations into 277 control objectives, called diagnostic statements
- Regularly updated to reflect the evolving cybersecurity regulatory landscape
- Receives global recognition from regulators and industry bodies
- Gives financial institutions one simple framework to rely on
- Provides regulators with a consistent and widely understood framework
- 73% reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment
- 49% reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment
The Profile scales to a firm’s impact on the global economy.
- Only nine questions to determine impact tier
- Fewer, more tailored assessment questions
- Based on systemic impact—not asset size
- Subsequent tier review provides roadmap for advanced security

Industry-Wide Harmony.
The Profile improves cybersecurity across the entire sector.

Institutions
Enabling institutions to focus on what matters most.
- More time for frontline defense
- More consistent regulation mapping for policies and procedures
- Better organization of complex risk management
- Improved internal progress tracking
- Better board engagement, prioritization, and funding
- Streamlined due diligence for third parties and M&A

Regulators
- Improves assurance to regulators that firms are following leading practices
- Improves evidence gathering in examinations by having a well-organized framework

Ecosystem
- Provides a commonly understood framework for third-parties and vendors
- As a vendor, fill out once and report out to many financial institutions
- Speak the same language as your customers

Cybersecurity is rapidly evolving.
Axio builds and maintains a CRI Profile SaaS offering, which CRI members can access for free. This enables CRI members to move out of spreadsheets and use an online tool to streamline the assessment and data gathering process.
CRI is also engaging other Governance, Risk and Compliance companies to further build out the Profile’s availability.