National Online Informative References Program OLIR

CRI-Profile-v2.0-to-CSF-v2.0 Informative Reference Details

NIST Cybersecurity Framework

Download Informative Reference Resource

https://CyberRiskInstitute.org/The-Profile/

Informative Reference Information

Status:
Final

Informative Reference Version:
1.0.0

Focal Document Version:
Cybersecurity Framework v2.0

Summary:

This document maps the Cyber Risk Institute (CRI) Profile ver. 2.0 to the NIST Cybersecurity Framework (CSF) ver. 2.0 using the NIST Online Informative References (OLIR) format. 

Target Audience:

This document is intended for information security professionals, primarily in the financial services sector, who are interested in understanding how the CRI Profile control objectives map to the NIST Cybersecurity Framework. 

Comprehensive:
No

Comments:

The CRI Profile is an extension of the NIST CSF developed by and for the financial services sector. The CRI Profile extends the NIST CSF's scope by targeting more specific coverage of enterprise technology/ICT, third-party risk management, and business continuity/resilience. The CRI Profile also extends the NIST CSF by including Diagnostic Statements that provide control objective detail below the subcategory level.

Point of Contact:
Josh Magri, Emily Beam, John Goodman

Category of Submitter:
Private Sector

Citations:

N/A

SHA3-256

F3C1686D45406C183C9C26EC87AF120FBDFF8CB0036C4188D13ACF143A51A86F

Authority

Owner

Reference Document Author:
Cyber Risk Institute

Reference Document:
CRI Profile Version 2.0

Reference Document Date:
02/14/2024

Reference Document URL:
https://CyberRiskInstitute.org/The-Profile/

Reference Developer:
Cyber Risk Institute (CRI)

Posted Date:
2024-03-28

Contacts

National Online Informative References Program
olir@nist.gov

Topics

Security and Privacy: testing & validation

Applications: cybersecurity framework

Created September 08, 2020, Updated June 30, 2025