Your InfoSec Governance Operating System
Portal Login
Framework

CRI Profile (Cyber Risk Institute) --- Cyber Risk Institute Profile

The CRI Profile provides diagnostic statements aligned to the NIST Cybersecurity Framework (CSF) for financial services and other regulated organizations.

View sample proof pack Request a demo
Access controls
Roles, approvals, and audit trails
Scoped credentials
Least-privilege access where supported
Access logging
Export and sharing audit trails
Encryption
At rest and in transit

Summary

Framework mapping summary

Catalog entry
Type: Framework
Publisher: Cyber Risk Institute
Versions: 1
Coverage (representative version)
Requirements
318
Mapped controls
84
Evidence specs
205
Automation tests
18
Notes

Cyber Risk Institute (CRI) Profile v2.1 diagnostic statements mapped to Aurora controls. Diagnostic statement enumeration is based on the CRI public Profile v2.0 workbook; CRI indicates v2.1 adds additional mappings but does not change the underlying diagnostic statements.

Versions

Supported versions and coverage stats

Aurora's catalog can include multiple published versions of a standard or regulation. Select the version that matches your reviewer request.

v2.1
View source
Requirements
318
Mapped controls
84
Evidence specs
205
Automation tests
18

Exports

Framework mapping is only useful when it produces proof.

Aurora uses framework mappings to scope work, attach evidence, and export reviewer-ready deliverables.

Scope and control mapping
  • Map requirements to Aurora controls
  • Assign owners and approval gates
  • Keep decisions tied to exports
Evidence and freshness
  • Attach artifacts to controls and answers
  • Track capture dates and expiration
  • Export binder-ready folders with provenance
Reviewer-ready exports
  • Generate proof packs and binder exports
  • Produce point-in-time snapshots for assessment windows
  • Keep citations attached so reviewers can verify
Controlled sharing
  • Share curated artifacts through a Trust Center
  • Gate access with tier rules and agreements
  • Export access logs for audit trails

Next step

See how this maps to your next reviewer request

Use exports to align on scope
Start with the deliverable reviewers accept, then map backward to the controls and evidence you need.
Bring one request, get a plan
We will map the shortest path: required controls, evidence objects, integrations, and the export format reviewers expect.
Request a demo

FAQ

FAQ

Does this mean Aurora certifies us?
No. Aurora helps you map requirements to controls and export proof. Certification decisions remain with your auditors and certification bodies.
Can we run multiple frameworks in one system?
Yes. Aurora is designed for reusable control mapping and evidence so you can expand without redoing work.
Can we start without integrations?
Yes. Manual uploads and mapping work on day one, and you can add connectors on your schedule.
Next step
Want a proof pack for your framework?
View the export formats first, then we will map the shortest path to reviewer-ready proof.
View sample proof packRequest a demo
Have a deadline? Tell us. We can prioritize export-ready proof.