
Latest news with #CRIProfile

These tools can help financial institutions better manage their cybersecurity risks

Business Journals

08-05-2025


On Sept. 5, 2024, the Federal Financial Institutions Examination Council (FFIEC) announced it would sunset its Cybersecurity Assessment Tool (CAT) on Aug. 31, 2025. CAT was released in June 2015 as a voluntary assessment tool to help financial institutions identify their risks and determine their cybersecurity preparedness. Although the current controls addressed in the CAT are sound cybersecurity practices, the FFIEC notes that the decision to sunset arose from new and updated government and industry resources that financial institutions can use to better manage cybersecurity risks. As a result, financial institutions will need to adopt a new framework to assess their cybersecurity environment.

The FFIEC does not explicitly endorse the use of any tool and mentions the use of industry-developed resources, including — but not limited to — the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, the Center for Internet Security (CIS) Critical Security Controls, and Cyber Risk Institute's (CRI) Cyber Profile (the Profile).

The NIST CSF 2.0 provides guidance to organizations of all sizes and sectors to manage cybersecurity risks. It is organized around six core functions — govern, identify, protect, detect, respond and recover — that result in 108 controls. These functions offer a comprehensive approach to understanding, assessing, prioritizing, and communicating cybersecurity efforts. The framework does not prescribe specific actions but links to resources that provide additional guidance on practices and controls to help achieve desired outcomes. This flexibility allows organizations to tailor the framework to their unique needs and maturity levels.

The CIS Critical Security Controls are a set of best practices designed to help organizations improve their cybersecurity posture. These controls are prescriptive, prioritized, and simplified, making them accessible and actionable for organizations of all sizes. The latest version, CIS Controls v8.1, includes 18 top-level controls, each with specific safeguards to address various aspects of cybersecurity.

The CRI Profile was created through public and private collaboration, pulling from global regulations and cybersecurity standards, such as the International Standards Organization and NIST CSF. The Profile's framework of 318 diagnostic statements for financial institutions to rely on is based on more than 2,500 regulatory, official guidance and other supervisory provisions worldwide. The number of diagnostic statements to comply with depends on your impact on the global, national, sector, or local market if a cybersecurity event substantially impacted you. The CRI provides nine questions to help you determine which of four tiers your organization is in.

In addition, the CRI Profile provides a mapping to the CAT, which can allow your institution to begin to transfer over your current framework into the CAT. However, the CRI Profile to the CAT is not a one-to-one transfer, and the items that are mapped do not have the same language as the CAT and will require further assessment. Organizations utilizing this framework that want to transfer over the mapped items should be cognizant that the requirements of CAT can be insufficient for today's landscape. The items transferred over can be a great starting point, but it is important to review the new language and identify any additional gaps that need to be addressed to help ensure you are complying with the CRI Profile.

While the FFIEC does not endorse the use of one framework over another, of the frameworks the FFIEC recommends as a replacement for CAT, only the CRI Profile was specifically curated for financial institutions, has a direct mapping to the CAT for an easier transition, and has a scope customized based on your impact score.

While the CAT is not set to retire until Aug. 31, 2025, it's important to begin planning your transition as soon as possible to decide which framework best suits your organization's needs; determine the resources needed to complete the migration, including time and money; and identify potential control gaps that will need to be addressed.

If your organization needs assistance migrating to any of these new frameworks, please contact a professional at Forvis Mazars.

Forvis Mazars, LLP is an independent member of Forvis Mazars Global, a leading global professional services network. Ranked among the largest public accounting firms in the United States, the firm's 7,000 dedicated team members provide an Unmatched Client Experience® through the delivery of assurance, tax, and consulting services for clients in all 50 states and internationally through the global network.

SmartSuite Unveils Partnership With Cyber Risk Institute to Deliver CRI Profile for U.S. Banks' Compliance Needs

Yahoo

03-04-2025


Streamlining Regulatory Compliance for Financial Institutions in the Wake of FFIEC Cybersecurity Assessment Tool (CAT) Discontinuation

NEWPORT BEACH, Calif., April 03, 2025--(BUSINESS WIRE)--SmartSuite, a leading provider of Governance, Risk, and Compliance (GRC) solutions, is proud to announce its partnership with the Cyber Risk Institute (CRI) as part of its Innovator Program. This collaboration will empower U.S. banks of all sizes – both small and medium-sized institutions, as well as those with assets above $10 billion – to seamlessly comply with the CRI Profile.

This partnership comes at a critical time for the financial industry, following the discontinuation of the FFIEC Cybersecurity Assessment Tool (CAT) in 2024. With the FFIEC CAT sunsetting in August 2025, financial institutions must find an alternative way to continue demonstrating compliance with essential regulatory requirements and diagnostic statements. To fill this gap, SmartSuite and CRI are delivering an innovative, scalable platform that empowers banks to navigate the shifting regulatory landscape with confidence while ensuring seamless compliance with banking requirements.

At the core of this solution is the CRI Profile, developed by the Cyber Risk Institute. Built on the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity, now known as the NIST Cybersecurity Framework 2.0, the CRI Profile provides a standardized, efficient approach to cybersecurity risk management. By aligning with this framework, financial institutions can proactively address emerging threats while ensuring that government supervisors have the necessary oversight and assurance.

"At the Cyber Risk Institute, our mission is to help financial institutions navigate cybersecurity compliance through the Profile – built for and by financial institutions. We are thrilled to welcome SmartSuite as an Innovator in our program, providing financial institutions with a seamless way to adopt the CRI Profile while leveraging automation to enhance efficiency," said Josh Magri, CEO of the Cyber Risk Institute. "SmartSuite streamlines compliance workflows, and now with the CRI Profile in SmartSuite, banks can more confidently meet evolving regulatory expectations."

Reshaping the Future of GRC

SmartSuite is a trailblazer in the Governance, Risk, and Compliance (GRC) space, providing an intuitive, no-code work management platform that simplifies complex regulatory requirements. By combining automation, structured workflows, and real-time visibility, SmartSuite empowers organizations to seamlessly manage risk, streamline compliance processes, and adapt to regulatory changes with ease. Trusted by businesses of all sizes, SmartSuite is redefining how companies approach GRC, making the compliance process more efficient, and ensuring financial institutions can seamlessly adopt the CRI Profile and track their compliance with ease.

Key benefits include:

  • User-Friendly Compliance Tracking: A structured and intuitive platform to manage diagnostic statements and compliance activities.
  • Scalability for Banks of All Sizes: The scalable platform is built to support financial institutions of all sizes, from small community banks to large organizations exceeding $10 billion in assets.
  • Automated Workflows: Reminders, assignments, and review cycles ensure compliance activities remain on track.
  • Centralized Evidence Management: Securely attach and link supporting documentation to diagnostic statements.
  • Real-Time Compliance Monitoring: Custom dashboards provide instant visibility into compliance progress and risk areas.

"At SmartSuite, we believe compliance should be simple, automated, and accessible to all financial institutions, regardless of their size. Our no-code, easy-to-use platform empowers compliance managers and CISOs to seamlessly navigate the CRI Profile and automate all GRC processes with ease," added Jon Darbyshire, CEO of SmartSuite. "By eliminating complexity and providing intuitive, assignable workflows, SmartSuite enables banks to achieve and maintain compliance without the expense and complexity of adapting legacy GRC solutions to accommodate new compliance requirements."

Michael Rasmussen, GRC Analyst Pundit at GRC 20/20 Research and CEO of GRC Report, added, "The partnership between SmartSuite and the Cyber Risk Institute addresses a critical need in today's evolving regulatory environment. As banks transition away from the FFIEC Cybersecurity Assessment Tool (CAT), the integration of the CRI Profile into SmartSuite's intuitive and agile GRC platform is both timely and essential. SmartSuite's no-code, configurable architecture enables all financial institutions – including small to medium-sized banks – to manage compliance seamlessly, automate complex workflows, and maintain real-time oversight of cybersecurity risks. This collaboration demonstrates the proactive approach needed in an era of increasing cybersecurity threats and regulatory change."

About SmartSuite

SmartSuite is a modern, flexible GRC platform that helps organizations manage compliance, risk, and security frameworks efficiently. With a focus on automation, ease of use, and seamless collaboration, SmartSuite empowers banks to maintain regulatory compliance with minimal complexity. For more information on how SmartSuite and the Cyber Risk Institute are revolutionizing compliance for financial institutions, visit or contact Tara Darbyshire at tara@

About Cyber Risk Institute

The Cyber Risk Institute (CRI) is a leading cybersecurity standards organization dedicated to enhancing the security and compliance capabilities of financial institutions. The CRI Profile, developed in collaboration with financial industry leaders, provides a standardized approach to cybersecurity compliance.

View source version on

Contacts

Abby O'Malley
Account Director
Marketbridge PR for SmartSuite
aomalley@
