The Cyber Risk Institute (CRI) framework profile and CRI assessments assist customers in implementing the CRI framework to enhance cyber compliance management. This framework includes detailed diagnostic statements (control objectives aligned with NIST CSF 2.0) that map to financial services regulatory references (such as FS citations from FFIEC CAT and others).
As part of the Cyber Risk Institute's (CRI) Accelerator, customers can:
- Import a CRI profile containing relevant authority documents, citations, and control objectives based on NIST CSF.
- Streamline the risk management process with automated tiering and selection of CRI assessments, conducted using the smart assessment engine.
- Automatically create controls based on tier and generate a compliance score from the CRI assessment responses, which roll up to the entity level.
The Cyber Risk Institute (CRI) Accelerator enables financial services institutions to implement necessary controls tailored to their type and size, driving standardization to improve efficiency, enhance compliance, and reduce risk. The accelerator includes:
- A CRI profile that aligns with NIST CSF v2.0, containing detailed diagnostic statements (control objectives) and mapping to financial services regulatory references (FS citations).
- Out-of-the-box content for NIST CSF v2.0, FFIEC CAT, and the CRI Profile.
- Applicability across 4 tiers for different sizes of institutions.
- Automatic identification of CRI assessments based on tiering assessment results.
- Tiering and CRI assessments are performed using the smart assessment engine.
- Automatic creation of controls based on tiering results.
- Detailed instructions and guidance on recommended evidence for each question in the CRI assessment, with justification required.
- Automatic calculation of a compliance score based on CRI assessment responses, with the score rolling up to the entity level.
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Management Workspace (com.sn_compliance_ws)
Permissions and roles:
- Role required to install the app: System Admin (admin)