I would like to know if if the Cyber Risk Institute framework v 2.0 is on the roadmap for an assessment/framework inside of control map?
https://cyberriskinstitute.org/cri-issues-profile-version-2-0/
This has been the choice of 2 of our FIs knowing that the FFIEC CAT will become obsolete this coming August. I am currently setting them up with NIST CSF 2.0 as the assessment control and we are using a manual excel spreadsheet to track CRI profile for them.
Thanks,