Cyber IT Supervisory Forum eBook
Profile Structure
The Profile augments NIST, ISO, IOSCO in three ways:
1) Dedicated TPRM Function
2) Diagnostic Statements
• Distills numerous regulatory provisions into a single, granular control objective
3) Impact Tiering
• Scales based on an institution’s impact on the global, national, and local economies
• Scalable, extensible, flexible for future adaptations
The CRI Profile as an Example
Compliance Environment
The CRI Profile
Compliance
The CRI Profile incorporates over 2,500 cybersecurity-related state, federal, and international regulatory requirements…
…and harmonizes them into 318 diagnostic statements…
…allowing financial institutions to assess and demonstrate their regulatory compliance