The Cyber Risk Institute (CRI), consisting of its framework profile and assessments, enables organizations to strengthen cyber compliance management. This framework features detailed diagnostic statements (control objectives) aligned with NIST CSF 2.0 and is mapped to financial services regulatory references, such as FS citations from the Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC CAT).
With the Cyber Risk Institute (CRI) Accelerator offering, customers can:
- Import a CRI profile that includes relevant authority documents, citations, and control objectives based on NIST CSF.
- Streamline risk management with automated tiering and selection of CRI assessments, conducted using the smart assessment engine.
- Automate control creation based on the tier and generate a compliance score from the CRI assessment responses, which then roll up to the entity level.
The Cyber Risk Institute (CRI) Accelerator enables financial service institutions to implement appropriate controls tailored to their type and size. It drives standardization to improve efficiency, enhance compliance, and reduce risk.
The accelerator includes:
- A CRI profile that aligns with NIST CSF v2.0, containing detailed diagnostic statements (control objectives) and mapping to financial services regulatory references (FS citations).
- Out-of-the-box content for NIST CSF v2.0, FFIEC CAT, and the CRI Profile.
- Applicability across four tiers for institutions of different sizes.
- Automatic identification of CRI assessments based on tiering assessment results.
- Tiering and CRI assessments conducted using the smart assessment engine.
- Automatic creation of controls based on tiering results.
- Detailed guidance and instructions for each CRI assessment question, including recommended evidence and required justification.
- Automatic calculation of a compliance score based on CRI assessment responses, with scores rolled up to the entity level.
Fixed
- Added a read-only attribute to the read-only field 'CRI Tier' in the Control objective table to enhance security.
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Management Workspace (com.sn_compliance_ws)
Permissions and roles:
- Role required to install the app: System Administrator (admin)