The CRI Profile v2.1 is a cybersecurity framework developed by the Cyber Risk Institute specifically for the financial sector, aimed at helping institutions efficiently manage and assess cyber risk while simplifying regulatory compliance.
Version 2.0 introduces significant enhancements, including expanded coverage of enterprise technology, third-party risk management, business continuity, and cloud security, reflecting the latest cybersecurity threats and regulatory expectations. It harmonizes over 2,500 regulatory requirements into just over 300 actionable control objectives, streamlining compliance and reducing complexity for institutions of all sizes. The framework aligns closely with NIST’s Cybersecurity Framework v2.0 (CSF 2.0), incorporates clear diagnostic statements, and offers tools for easier assessment, reporting, and periodic re-evaluation based on organizational changes. CRI Profile v2.0 is designed to serve as a common baseline for regulatory examinations, supporting a more resilient and adaptive financial sector.
In version 2.1 (15 Apr 2025à of the CRI Profile do not include any changes to the core structure or diagnostic statements. DORA requirements mapping have been added. The mappings have been moved to a separate Excel workbook called “CRI Profile ver. 2.1 Mappings Catalog,” allowing more frequent updates, with the only current mapping to NIST CSF version 2.0. The Examples of Effective Evidence (EEE) have been reorganized into subject-based EEE Packages linked to diagnostic statements, each containing multiple example evidence items.
Publication's URL
https://cyberriskinstitute.org/the-profile/Additional documents on this topic
- NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- CIS Controls v8.1 Mapping to NIST CSF 2.0
- NIST CSF 2.0 Mapping to ISO 27002:2022
- CSA Cloud Controls Matrix (CCM) v4 ★★★★★