Membership
Strengthen your cybersecurity program with practical tools & Research
We believe organizations are facing similar cybersecurity threats. Therefore, it is our mission to provide tools and research to help organizations understand what they should do to stop those threats so they can focus their energy on implementing those safeguards rather than figuring out what they should be.
Cybersecurity Research
Customizable cybersecurity documentation & Templates
Access our comprehensive library of cybersecurity templates and tools to accelerate your organization’s cybersecurity program. Some of our most popular templates include:
- Program Charter
- Board Level Policy
- Cybersecurity Policies
- Audit Framework
- Annual Audit Plan
- & More!
Cybersecurity Standards & Regulations Database
Database of Cybersecurity Standards and Regulations
Access our queryable database of the most popular cybersecurity standards, frameworks, and regulations to ensure program compliance.
- Mapping Tool
- Threat Model
- Audit Checklists
- Safeguards Explorer
- Standards Scorecard
- & More!
Online Assessment Tool
Measure your cybersecurity posture through our web assessment tool
Leverage our web-based cybersecurity assessment tool to conduct comprehensive assessments of your organization’s cybersecurity defenses. This tool helps you quickly identify strengths and vulnerabilities, providing a streamlined and efficient alternative to traditional Excel-based assessments.
API Access
Access the CRF Safeguards & CRF Threat Taxonomy via API
Programmatically interact with CRF cybersecurity resources via our Application Programming Interface (API). Use the API to integrate the CRF Safeguards or CRF Threat Taxonomy into your custom software applications or Governance, Risk, and Compliance (GRC) engine.
Schedule a demo
Enterprise MemberUnrestricted access to our assessment tool, research, and resources.
$4,995 Sign Up
/year |
CRF Governance and Risk Model |
|||
|
CRF Governance and Risk Model (PDF)
A comprehensive guide to understanding and implementing the CRF Governance and Risk Model in PDF format. |
✓ | ✓ | ✓ |
|
CRF Governance and Risk Model (DOCX)
Editable DOCX format of the CRF Governance and Risk Model for customization and integration into your own documentation. |
✗ | ✓ | ✓ |
|
CRF Governance and Risk Model (Markdown)
Markdown version for easy integration with various version control systems and technical documentation platforms. |
✗ | ✓ | ✓ |
CRF Threat Taxonomy |
|||
|
CRF Threat Taxonomy (PDF)
Detailed PDF guide on the CRF Threat Taxonomy, categorizing and explaining cyber threats systematically. |
✓ | ✓ | ✓ |
|
CRF Threat Taxonomy (DOCX)
Customizable DOCX version of the CRF Threat Taxonomy for organizations to adapt and expand upon. |
✗ | ✓ | ✓ |
|
CRF Threat Taxonomy (Markdown)
Markdown format of the CRF Threat Taxonomy for easy use in collaborative and version-controlled environments. |
✗ | ✓ | ✓ |
CRF Safeguards Catalog |
|||
|
CRF Safeguards Catalog (PDF)
A detailed PDF version of the CRF Safeguards Catalog, providing a comprehensive list of cybersecurity Safeguards and practices. |
✓ | ✓ | ✓ |
|
CRF Safeguards Catalog (DOCX)
Editable DOCX format of the CRF Safeguards Catalog for organizations to customize according to their specific needs. |
✗ | ✓ | ✓ |
|
CRF Safeguards Catalog (Markdown)
Markdown version of the CRF Safeguards Catalog for easy integration with version control and documentation systems. |
✗ | ✓ | ✓ |
|
CRF Safeguards Catalog (XLSX)
Excel format of the CRF Safeguards Catalog, ideal for organizations looking for a sortable and filterable format for analysis and reporting. |
✓ | ✓ | ✓ |
CRF Audit Framework |
|||
|
CRF Audit Framework (PDF)
Comprehensive PDF guide to the CRF Audit Framework, detailing the structured approach to cybersecurity audits and compliance checks. |
✓ | ✓ | ✓ |
|
CRF Audit Framework (DOCX)
DOCX version of the CRF Audit Framework for organizations to adapt and use for internal and external audit processes. |
✗ | ✓ | ✓ |
|
CRF Audit Framework (Markdown)
Markdown version for the CRF Audit Framework, facilitating easy sharing and collaboration on audit documentation. |
✗ | ✓ | ✓ |
|
CRF Audit Framework Audit Plan Template (XLSX)
Template to assist organizations in creating detailed audit plans based on the CRF Audit Framework principles. |
✗ | ✓ | ✓ |
Cybersecurity Governance Templates |
|||
|
CRF Maturity Model (PDF)
A detailed framework to assess and enhance the cybersecurity maturity levels within an organization. (PDF version) |
✓ | ✓ | ✓ |
|
CRF Maturity Model (MD)
A detailed framework to assess and enhance the cybersecurity maturity levels within an organization. (Markdown Version) |
✗ | ✓ | ✓ |
|
CRF Maturity Model (DOCX)
A detailed framework to assess and enhance the cybersecurity maturity levels within an organization. (Microsoft Word Version) |
✗ | ✓ | ✓ |
|
Cybersecurity Program Charter Template (PDF)
Template to help organizations formalize the scope, objectives, and responsibilities of their cybersecurity program. (PDF Version) |
✗ | ✓ | ✓ |
|
Cybersecurity Program Charter Template (MD)
Template to help organizations formalize the scope, objectives, and responsibilities of their cybersecurity program. (Markdown Version) |
✗ | ✓ | ✓ |
|
Cybersecurity Program Charter Template (DOCX)
Template to help organizations formalize the scope, objectives, and responsibilities of their cybersecurity program. (Microsoft Word Version) |
✗ | ✓ | ✓ |
|
Cybersecurity Policy Library Templates
A set of templates to assist organizations in developing comprehensive cybersecurity policies tailored to their needs. |
✗ | ✓ | ✓ |
|
Cybersecurity Audit Checklist Templates
Checklist templates to guide organizations through comprehensive cybersecurity audits, ensuring all critical areas are reviewed. |
✗ | ✓ | ✓ |
MS Excel Assessment Tools |
|||
|
CRF Safeguards Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against CRF guidelines. |
✓ | ✓ | ✓ |
|
NIST CSF v1.1 Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against NIST CSF v1.1 guidelines. |
✗ | ✓ | ✓ |
|
NIST CSF v2.0 Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against NIST CSF v2.0 guidelines. |
✗ | ✓ | ✓ |
|
NYDFS NYCRR 500 Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against NYDFS NYCRR 500 guidelines. |
✗ | ✓ | ✓ |
|
CIS 7.1 Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against CIS 7.1 guidelines. |
✗ | ✓ | ✓ |
|
CIS 8.0 Assessment Tool (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against CIS 8.0 guidelines. |
✗ | ✓ | ✓ |
| ✓ | ✓ | ✓ | |
|
Univ of California Policy IS-3 (XLSX)
Excel-based tool for organizations to conduct self-assessments of their cybersecurity safeguards against Univ of California Policy IS-3 guidelines. |
✗ | ✓ | ✓ |
Web Assessment Tool |
|||
|
Web Assessment Projects
A secure, online auditing tool that enables you to assess your own security posture. |
✗ | Unlimited of Member's Company | Unlimited of Member's Company |
|
CRF-S Assessment Results
All paid members will be able to view the results of their assessments based off the CRF Safeguards |
✗ | ✓ | ✓ |
|
Sub Accounts
Enterprise members are allowed to add up to 10 subaccounts to your organization so that you may work on projects together. More available with purchase. |
✗ | ✗ | 10 |
|
NIST CSF v1.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NIST CSF v1.1 Safeguards |
✗ | ✗ | ✓ |
|
NIST CSF v2.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NIST CSF v2.0 Safeguards |
✗ | ✗ | ✓ |
|
ISO 27002:2013 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the ISO 27002:2013 Safeguards |
✗ | ✗ | ✓ |
|
ISO 27002:2022 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the ISO 27002:2022 Safeguards |
✗ | ✗ | ✓ |
|
CIS 7.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 7.1 Safeguards |
✗ | ✗ | ✓ |
|
CIS 8.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 8.0 Safeguards |
✗ | ✗ | ✓ |
|
CIS 8.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 8.1 Safeguards |
✗ | ✗ | ✓ |
|
NYDFS NYCRR 500 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NYDFS NYCRR 500 Safeguards |
✗ | ✗ | ✓ |
|
FCA RM 2024 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the FCA RM 2024 Safeguards |
✗ | ✗ | ✓ |
|
UC Policy IS-3 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the UC Policy IS-3 Safeguards |
✗ | ✗ | ✓ |
API Access |
|||
|
CRF Safeguards Catalog API
An API providing programmatic access to the CRF Safeguards Catalog, enabling dynamic integration with IT security tools and systems. |
✗ | ✓ | ✓ |
|
CRF Threat Taxonomy API
Enables direct access to our threat catalog through an API, facilitating the integration of threats into cybersecurity frameworks and tools. |
✗ | ✗ | ✓ |
Membership Scope |
|||
|
Acceptable Use
Membership Scope defines how CRF resources can be used in accordance with our Terms of Service. Resources are intended for internal cybersecurity efforts within the registered organization and may not be resold, redistributed, or incorporated into commercial products or services. |
All resources can be used to support the internal cybersecurity efforts of the organization registering for the resource. Resources may not be used as a part of products or services sold to other organizations. | All resources can be used to support the internal cybersecurity efforts of the member's organization. Resources may not be used as a part of products or services sold to other organizations. | All resources can be used to support the internal cybersecurity efforts of the member's organization. Resources may not be used as a part of products or services sold to other organizations. |
| Explore | Request Demo | Request Demo |