The Profile harmonizes over 3,000 regulatory expectations from around the world into fewer than 300 diagnostic statements.
The Profile has a diagnostic statement that calls for the implementation of intrusion detection and prevention capabilities.
For the largest FIs, the Profile has almost 50% fewer questions to address than another assessment tool widely used by this sector.
Anecdotally, one FI cited a 35% average reduction in effort for their regulatory exams since adopting the Profile.
Because the Profile may be used as a shared baseline for examinations by different financial regulators, FIs can deploy their resources more effectively for compliance work.
For financial regulators, the widely adopted cyber control assessment framework in the Profile offers greater visibility into systemic risk across the financial sector, as well as a common, consistent vocabulary.
FIs have also used the Profile with financial regulators in the Americas, Asia and Europe.
Financial regulators or standards bodies that have recognized or acknowledged the Profile include the U.S. Treasury, FFIEC, Federal Reserve Board, National Institute of Standards and Technology, International Organization of Securities Commissions, European Union Agency for Cybersecurity and the Reserve Bank of New Zealand.
Working with its members, the CRI is responsible for curating and evolving the Profile to meet the needs of the financial sector.
Thousands of FIs have adopted the Profile, including some in the U.S. that have transitioned away from the FFIEC CAT. Outside of the U.S., where some firms may be reluctant to use the NIST Cybersecurity Framework, the Profile offers a viable alternative.
As its user base grows, the Profile will evolve with cybersecurity-related standards for emerging technologies and practices.
The CRI will release the Profile v2.0 early in 2024.
The CRI also offers the Cloud Profile, which is a collaboration with FIs and cloud service providers to ensure better communication about responsibilities.
The Cloud Profile extends the Profile to include contractual language and implementation guidance.
FIs that have not yet considered using the CRI Profile are encouraged to take a closer look.
Learn how the Profile may reduce the burden of your regulatory compliance activities and explore continuous controls monitoring and automation benefits.
With the Profile's 10x consolidation of regulatory expectations, an FI will realize significant time and cost savings in compliance activities overall.
Another example is a cloud security posture management tool that generates a CRI Profile compliance report for an FI's cloud estate.
With automation behind and aligned to the Profile's diagnostic statements, FIs can further reduce the effort required for exams and audits of cybersecurity risks.
Connect today with the Financial Services team of Palo Alto Networks to learn more about how we support the CRI Profile with automation and continuous controls monitoring to achieve measurable business impact across your risk, compliance and security teams.
This Cyber News was published on www.paloaltonetworks.com. Publication date: Tue, 12 Dec 2023 14:13:10 +0000