The Cyber Risk Institute (CRI) framework profile and CRI assessments help customers implement the CRI framework to strengthen cyber compliance management. The framework includes detailed diagnostic statements (control objectives) that align with NIST CSF 2.0, and it is mapped to financial services regulatory references (FS citations), such as citations from the FFIEC CAT.
As part of the Cyber Risk Institute (CRI) Accelerator offering, customers can:
- Import a CRI profile that includes relevant authority documents, citations, and control objectives based on NIST CSF.
- Streamline risk management with automated tiering and selection of CRI assessments, conducted using the smart assessment engine.
- Automatically create controls based on the tier and generate a compliance score from the CRI assessment responses, which roll up to the entity level.
The Cyber Risk Institute (CRI) Accelerator enables financial services institutions to implement controls appropriate to their type and size. It drives standardization to improve efficiency, enhance compliance, and reduce risk.
The accelerator includes:
- A CRI profile that aligns with NIST CSF v2.0, containing detailed diagnostic statements (control objectives) and mapping to financial services regulatory references (FS citations).
- Out-of-the-box content for NIST CSF v2.0, FFIEC CAT, and the CRI Profile.
- Applicability across 4 tiers for different sizes of institutions.
- Automatic identification of CRI assessments based on tiering assessment results.
- Tiering and CRI assessments conducted using the smart assessment engine.
- Automatic creation of controls based on tiering results.
- Detailed guidance and instructions for each CRI assessment question, including recommended evidence and required justification.
- Automatic calculation of a compliance score based on CRI assessment responses, with scores rolled up to the entity level.
Changed:
- Smart assessment updates for CRI and Tiering assessments to support the introduction of a new reference field called "purpose."
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Management Workspace (com.sn_compliance_ws)
Permissions and roles:
- Role required to install the app: System Administrator (admin)