Determine your CRI impact tier
The Cyber Risk Institute (CRI) Profile is quickly becoming the new cybersecurity baseline for the financial sector. It replaces the FFIEC Cybersecurity Assessment Tool (CAT), which was retired in August 2025.
The CRI Profile offers a clear, regulator-backed way to understand and demonstrate your security posture. It recognizes that not all institutions carry the same level of systemic risk—so you only need to show controls that match your risk level, based on your designated impact tier (1–4).
Download this assessment to:
- Learn how CRI defines each impact tier
- Identify your institution’s impact tier
.png)
.png)
Determine your CRI impact tier
The Cyber Risk Institute (CRI) Profile is quickly becoming the new cybersecurity baseline for the financial sector. It replaces the FFIEC Cybersecurity Assessment Tool (CAT), which was retired in August 2025.
The CRI Profile offers a clear, regulator-backed way to understand and demonstrate your security posture. It recognizes that not all institutions carry the same level of systemic risk—so you only need to show controls that match your risk level, based on your designated impact tier (1–4).
Download this assessment to:
- Learn how CRI defines each impact tier
- Identify your institution’s impact tier
Determine your CRI impact tier
The Cyber Risk Institute (CRI) Profile is quickly becoming the new cybersecurity baseline for the financial sector. It replaces the FFIEC Cybersecurity Assessment Tool (CAT), which was retired in August 2025.
The CRI Profile offers a clear, regulator-backed way to understand and demonstrate your security posture. It recognizes that not all institutions carry the same level of systemic risk—so you only need to show controls that match your risk level, based on your designated impact tier (1–4).
Download this assessment to:
- Learn how CRI defines each impact tier
- Identify your institution’s impact tier
The security and compliance platform trusted by more than [customer_count] customers.
Vanta helps automate audit prep by pulling real evidence from 400+ continuously monitored integrations.
Real-time monitoring
Maintain your security posture with our continuous monitoring. Receive alerts and use our task-tracker integrations to stay on top of fixes.
.webp)
.avif)
Centralized source of truth
Build a 360° ecosystem of trust to monitor employees, assets, partners, and vendors. Leverage our pre-built integrations or the Vanta API to gain a holistic view of your security program.
Efficient audits
Automate evidence collection, collaborate with auditors in real time, and stay audit-ready with continuous monitoring, cutting audit prep time by 82%.
.webp)
Explore the Vanta platform
Determine your CRI impact tier
The Cyber Risk Institute (CRI) Profile is quickly becoming the new cybersecurity baseline for the financial sector. It replaces the FFIEC Cybersecurity Assessment Tool (CAT), which was retired in August 2025.
The CRI Profile offers a clear, regulator-backed way to understand and demonstrate your security posture. It recognizes that not all institutions carry the same level of systemic risk—so you only need to show controls that match your risk level, based on your designated impact tier (1–4).
Download this assessment to:
- Learn how CRI defines each impact tier
- Identify your institution’s impact tier
Download
Interested in learning more about Vanta?
%201%20(1).svg){kind=icon}
%201.svg){kind=icon}
