The Cyber Risk Institute (CRI) Profile consists of a framework profile and assessments that enable organizations to strengthen cyber compliance management. The framework includes comprehensive diagnostic statements (control objectives) aligned with NIST CSF 2.0 and is mapped to financial services regulatory references (FS citations), such as those from the Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC CAT).
With the Cyber Risk Institute (CRI) Accelerator offering, customers can:
- Import a CRI profile that includes relevant authority documents, citations, and control objectives based on NIST CSF.
- Streamline risk management with automated tiering and selection of CRI assessments, conducted using the smart assessment engine.
- Automate control creation based on the tier and generate a compliance score from the CRI assessment responses, which then roll up to the entity level.
The Cyber Risk Institute (CRI) Accelerator enables financial services institutions to implement appropriate controls tailored to their type and size. It drives standardization to improve efficiency, enhance compliance, and reduce risk.
The accelerator includes:
- A CRI profile that aligns with NIST CSF v2.0, containing detailed diagnostic statements (control objectives) and mapping to financial services regulatory references (FS citations).
- Out-of-the-box content for NIST CSF v2.0, FFIEC CAT, and the CRI Profile.
- Applicability across four tiers for institutions of different sizes.
- Automatic identification of CRI assessments based on tiering assessment results.
- Tiering and CRI assessments conducted using the smart assessment engine.
- Automatic creation of controls based on tiering results.
- Detailed guidance and instructions for each CRI assessment question, including recommended evidence and required justification.
- Automatic calculation of a compliance score based on CRI assessment responses, with scores rolled up to the entity level.
New
- Enabled versioning support for CRI tiering and assessments.
- Enhancements to query range ACLs:
- Consistent access control — All tables include standardized query range security ACLs. These ACLs ensure that authenticated users with appropriate read permissions can query records consistently across the platform.
- Seamless upgrade experience — New query ACL rules are installed automatically during upgrade, with no administrator action required for installation. Automated upgrade scripts handle the transition, including detecting previously customized ACLs and processing them so that existing processes continue without interruption.
Post-upgrade review for customized ACLs:
- If the instance includes administrator-modified query range ACLs, review those records after the upgrade to confirm that they still align with the intended access policy, since the automated scripts preserve customizations rather than validate them.
The following GRC applications must be installed and activated:
- GRC: Policy and Compliance Management (com.sn_compliance)
- GRC: Compliance Management Workspace (com.sn_compliance_ws)
Permissions and roles:
- Role required to install the app: System Administrator (admin)