CRI Profile

TRAC's CRI Profile Module offers an efficient way to replace the FFIEC Cybersecurity Assessment Tool (CAT) with the Cyber Risk Institute’s CRI Profile. Built on a foundation of NIST CSF 2.0, the CRI Profile condenses more than 2,500 regulatory guidelines into a simple, easy-to-use assessment, providing a robust and dedicated alternative for financial institutions looking to replace the CAT.

A Financial Institution-Focused Cybersecurity Framework

While the NIST CSF 2.0 is the most well-known and broadly adopted framework in the World, one potential drawback for financial institutions is that it is also industry-agnostic. For those institutions seeking a CAT replacement that is more focused on the financial services industry, the CRI Profile is a great alternative. Using an Impact Tiering questionnaire, the CRI Profile customizes the control objectives based on the size and complexity of the institution. The control objectives themselves take into account more than 2,500 regulatory expectations, allowing users to meet compliance requirements, while also gaining a better and more holistic understanding of their risk posture.

Endorsed by the Cyber Risk Institute Document your current risk, reasoning, and planned improvements for all 318 diagnostic statements.

Effortlessly Measure and Improve Risk Levels User-friendly TRAC module that aligns with existing risk assessment tools, cross-module functionality, and robust reporting functions.

Always Up to Date

Our team of experts monitors any changes implemented by the CRI to ensure you always have access to the latest CRI Profile.

The flexibility of NIST or the financial focus of CRI? At this pivotal moment of the CAT sunsetting, the decision between the NIST Cybersecurity Framework and the Cyber Risk Institute (CRI) Profile isn’t just technical — it’s strategic. It’s about choosing the roadmap that best supports your mission, your risk posture, and your regulatory environment. Whether you choose the flexibility of NIST or the financial focus of CRI, rest assured that TRAC has you covered with basic and premium implementations of NIST and a fully licensed CRI Profile, endorsed by the Cyber Risk Institute.

Which One Is Right for You?

NIST CSF

CRI Profile

Recognition

The most widely adopted gold standard cybersecurity framework

Underpinned by NIST but built with financial regulators in mind

Flexibility

Universal framework, versatile across industries

Tailor-made for financial institutions for compliance confidence

Depth

High-level map for good cybersecurity practices

Turn-by-turn directions based on over 2500 regulatory exceptions

Audit-friendliness

Audit-adaptable with additional context

Exam-ready by design

Revisions

Only updated once in the 10 years prior to the 2024 version 2.0 release

Updated annually with new content. Major updates every 2-3 years.

Learn More

Request a Demo

The TRAC Ecosystem

TRAC adapts to your business needs with its suite of modules that can work independently or tightly manage your risk with intermodular operability.

TOUCH

Vendor Management

Vendor Management Manage all aspects of your vendor relationships effortlessly, and with transparency.Read More

TOUCH

IT Asset Management

IT Asset Management Comprehensive and quantifiable asset-based risk assessment with hundreds of industry-specific presets.Read More

TOUCH

Business Continuity Management (BCM)

Business Continuity Management (BCM) Simplify the creation and maintenance of your business continuity plan and processes with automated business impact analysis.Read More

TOUCH

Action Tracking

Action Tracking Centralized solution for creating and tracking security tasks and plans. Remain diligent with remediation and follow-up.Read More

TOUCH

Audit

Audit Comprehensive toolbox to create repeatable internal audits with full reporting and follow-up capabilities.Read More

TOUCH

Information Technology Risk Examination (InTREx)

Information Technology Risk Examination (InTREx) Spot security gaps and strengthen defenses before FDIC and FED examinations.Read More

TOUCH

Bank Secrecy Act (BSA)

Bank Secrecy Act (BSA) BSA risk assessment with industry-leading, predefined risk data, a list of controls to implement, and instant board-ready reports.Read More

TOUCH

Commercial Account Tracking (CATRAC)

Commercial Account Tracking (CATRAC) Identify risk and gain actionable information for your commercial accounts for transparent mitigation and security awareness.Read More

TOUCH

Compliance

Compliance Choose from over 70 predefined, industry-specific compliance areas to automate your compliance risk assessment.Read More

TOUCH

CRI Profile

CRI Profile A robust and dedicated framework for financial institutions, backed by the Cyber Risk Institute.
Read More

TOUCH

Enterprise Risk Management (ERM)

Enterprise Risk Management (ERM) Risk mitigation decisions based on your process data with trending risk scores and out-of-the-box industry templates.Read More

TOUCH

Information Security Program (ISP)

Information Security Program (ISP) Create and monitor your information security policy with a comprehensive list of templates and flexible customization options.Read More

TOUCH

NIST CSF

NIST CSF Practical guidance and automated reporting for effective implementation of the NIST Cybersecurity Framework.Read More

Consulting Services

Auditing Services

Cybersecurity Testing

Frustration-Free Risk Management

TRAC Modules

Other Products

Certifications for Managers

Certifications for Executives

Technical Certifications

Webinars

Speaking Engagements

Resources

Who We Are

Why Choose SBS?

CRI Profile

A Financial Institution-Focused Cybersecurity Framework

We'd Love to Show You

Choosing the Right Cybersecurity Framework with TRAC

Which One Is Right for You?

The TRAC Ecosystem

Clients Love TRAC!

Popular

Get More Information

Join a Webinar

Join Our Mailing List