Skip to content
Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst / Controls

CRI Cyber Risk Institute Profile for Financial Sector v2.1

This document focuses on:

The CRI Profile v2.1 is a cybersecurity framework developed by the Cyber Risk Institute specifically for the financial sector, aimed at helping institutions efficiently manage and assess cyber risk while simplifying regulatory compliance.

Version 2.0 introduces significant enhancements, including expanded coverage of enterprise technology, third-party risk management, business continuity, and cloud security, reflecting the latest cybersecurity threats and regulatory expectations. It harmonizes over 2,500 regulatory requirements into just over 300 actionable control objectives, streamlining compliance and reducing complexity for institutions of all sizes. The framework aligns closely with NIST’s Cybersecurity Framework v2.0 (CSF 2.0), incorporates clear diagnostic statements, and offers tools for easier assessment, reporting, and periodic re-evaluation based on organizational changes. CRI Profile v2.0 is designed to serve as a common baseline for regulatory examinations, supporting a more resilient and adaptive financial sector.

In version 2.1 (15 Apr 2025à of the CRI Profile do not include any changes to the core structure or diagnostic statements. DORA requirements mapping have been added. The mappings have been moved to a separate Excel workbook called “CRI Profile ver. 2.1 Mappings Catalog,” allowing more frequent updates, with the only current mapping to NIST CSF version 2.0. The Examples of Effective Evidence (EEE) have been reorganized into subject-based EEE Packages linked to diagnostic statements, each containing multiple example evidence items.


Publication's URL

https://cyberriskinstitute.org/the-profile/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *