Financial sector releases major profile update tied to NIST cybersecurity framework

The Cyber Risk Institute has updated its profile for the financial sector under the NIST cybersecurity framework to accommodate changes in “CSF 2.0” unveiled this week, adding in more detail on third party risk management and enhancements to make connections between guidance documents.

“Profile version 2.0 has been expanded to include enterprise technology, third-party risk management, and business continuity and resiliency, in addition to cybersecurity. This will assist financial institutions and examiners by reflecting the scope of typical regulatory examinations....