The CRI Profile v2.1 is a cybersecurity framework developed by the Cyber Risk Institute specifically for the financial sector, aimed at helping institutions efficiently manage and assess cyber risk while simplifying regulatory compliance.
Version 2.0 introduces significant enhancements, including expanded coverage of enterprise technology, third-party risk management, business continuity, and cloud security, reflecting the latest cybersecurity threats and regulatory expectations. It harmonizes over 2,500 regulatory requirements into just over 300 actionable control objectives, streamlining compliance and reducing complexity for institutions of all sizes. The framework aligns closely with NIST’s Cybersecurity Framework v2.0 (CSF 2.0), incorporates clear diagnostic statements, and offers tools for easier assessment, reporting, and periodic re-evaluation based on organizational changes. CRI Profile v2.0 is designed to serve as a common baseline for regulatory examinations, supporting a more resilient and adaptive financial sector.
Version 2.1 (15 Apr 2025) of the CRI Profile does not include any changes to the core structure or diagnostic statements. DORA requirements mappings have been added. The mappings have been moved to a separate Excel workbook called “CRI Profile ver. 2.1 Mappings Catalog,” allowing more frequent updates, with the only current mapping being to NIST CSF version 2.0. The Examples of Effective Evidence (EEE) have been reorganized into subject-based EEE Packages linked to diagnostic statements, each containing multiple example evidence items.
Publication's URL
URL: https://cyberriskinstitute.org/the-profile/
Publication's scorecard
Country: USA
Scope: Cyber
Typology: Framework
Publication's date: April 15, 2025
Category: Control Framework
Sector: Finance
Rating: