Membership
Strengthen your cybersecurity program with practical tools & Research
We believe organizations are facing similar cybersecurity threats. Therefore, it is our mission to provide tools and research to help organizations understand what they should do to stop those threats so they can focus their energy on implementing those safeguards rather than figuring out what they should be.
Cybersecurity Research
Customizable cybersecurity documentation & Templates
Access our comprehensive library of cybersecurity templates and tools to accelerate your organization’s cybersecurity program. Some of our most popular templates include:
- Program Charter
- Board Level Policy
- Cybersecurity Policies
- Audit Framework
- Annual Audit Plan
- & More!
Cybersecurity Standards & Regulations Database
Database of Cybersecurity Standards and Regulations
Access our queryable database of the most popular cybersecurity standards, frameworks, and regulations to ensure program compliance.
- Mapping Tool
- Threat Model
- Audit Checklists
- Safeguards Explorer
- Standards Scorecard
- & More!
Online Assessment Tool
Measure your cybersecurity posture through our web assessment tool
Leverage our web-based cybersecurity assessment tool to conduct comprehensive assessments of your organization’s cybersecurity defenses. This tool helps you quickly identify strengths and vulnerabilities, providing a streamlined and efficient alternative to traditional Excel-based assessments.
API Access
Access the CRF Safeguards & CRF Threat Taxonomy via API
Programmatically interact with CRF cybersecurity resources via our Application Programming Interface (API). Use the API to integrate the CRF Safeguards or CRF Threat Taxonomy into your custom software applications or Governance, Risk, and Compliance (GRC) engine.
Schedule a demo
Enterprise MemberUnrestricted access to our assessment tool, research, and resources.
$4,995 Sign Up
/year |
Customizable Resources |
||
|
CRF Business Case
Cybersecurity is crucial in the digital age, serving as a strategic imperative that ensures operational continuity, protects financial assets, and maintains an organization's reputation. The CRF's Business Case demonstrates why proactive cybersecurity measures are fundamental to daily business operations. |
✓ | ✓ |
|
CRF Governance and Risk Model
A comprehensive guide to understanding and implementing the CRF Governance and Risk Model. Available in PDF, DOCX, and MD formats for maximum flexibility and customization to your organization's needs. |
✓ | ✓ |
|
CRF Threat Taxonomy
A detailed guide systematically categorizing and explaining cyber threats to help organizations understand and prepare for potential risks. Available in PDF, DOCX, and MD formats to suit your documentation needs. |
✓ | ✓ |
|
CRF Maturity Model
A detailed framework to assess and enhance your organization's cybersecurity maturity levels. Includes assessment criteria and improvement roadmaps, available in PDF, DOCX, and MD formats for easy integration with your documentation. |
✓ | ✓ |
|
CRF Safeguards Catalog
A comprehensive list of cybersecurity safeguards and best practices. Includes detailed implementation guidance and comes in PDF, DOCX, MD, and XLSX formats, with the Excel version offering advanced sorting and filtering capabilities. |
✓ | ✓ |
|
CRF Small Business Plan
The CRF's Small Business Plan (CRF-SBP) is a comprehensive resource designed to help small businesses strengthen their cybersecurity posture and can serve as a template for creating your own internal policies. This plan provides a structured approach to protecting sensitive information, ensuring business continuity, and aligning security measures with business objectives. By implementing the CRF-SBP, small businesses can mitigate risks and safeguard their operations against the evolving threat landscape. |
✓ | ✓ |
|
CRF Audit Framework
A comprehensive guide to planning and conducting cybersecurity audits, including templates and documentation tools. Available in PDF, DOCX, MD, and XLSX formats to support various audit documentation needs. |
✓ | ✓ |
|
CRF Business Intelligence Model
The CRF-Business Intelligence Model (CRF-BIM) offers a structured, seven-step approach to transform manual cybersecurity assessments into automated, data-driven validation processes. By aligning safeguards with technical tools, integrating vendor data, and centralizing reporting, the model enables organizations to reduce risk exposure, improve visibility, and support smarter decision-making across all levels of the business. |
✓ | ✓ |
|
Cybersecurity Program Charter
A comprehensive template to help organizations formalize their cybersecurity program's scope, objectives, and responsibilities. Available in PDF, DOCX, and MD formats for easy customization to your organization's branding and requirements. |
✓ | ✓ |
|
Cybersecurity Policy Templates
A comprehensive set of templates to help organizations develop and maintain effective cybersecurity policies. Includes customizable templates for all major policy areas, provided in multiple formats for easy adaptation to your needs. |
✓ | ✓ |
|
Cybersecurity Audit Checklist Templates
Detailed checklist templates to guide organizations through comprehensive cybersecurity audits. Ensures all critical areas are reviewed and documented properly, with templates available in multiple formats for maximum usability. |
✓ | ✓ |
|
Threat Mapping Tool
Explore how CRF's threat taxonomy aligns with other leading threat frameworks and classifications. |
✓ | ✓ |
|
Safeguards Mapping Tool
Explore how CRF's safeguards align with 80+ cybersecurity frameworks and standards. |
✓ | ✓ |
|
Standards Scorecard Tool
Compare the coverage of 70+ cybersecurity frameworks against CRF-S to identify the strengths and gaps of each standard. |
✓ | ✓ |
|
Audit Plan Template
Generate a customizable long-term audit plan based on your selected safeguards and priorities. |
✓ | ✓ |
Web Assessment Tool |
||
|
Web Assessment Tool
A secure, online auditing tool that enables you to assess your own security posture. |
Unlimited Assessments | Unlimited Assessments |
|
Unique User Accounts
Individual Members get 1 account per license, while Enterprise Members get 10 accounts per license to work on projects together. |
1 | 10 |
|
Share Assessment Results
Control who can view your assessment results—teammates, collaborators, or other CRF members |
✓ | ✓ |
|
CRF-S v2025 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CRF-S v2025 Safeguards |
✓ | ✓ |
|
CRF-S v2024 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CRF-S v2024 Safeguards |
✓ | ✓ |
|
CRF-S v2023 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CRF-S v2023 Safeguards |
✓ | ✓ |
|
CRF-S v2022 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CRF-S v2022 Safeguards |
✓ | ✓ |
|
CRF-S v2021 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CRF-S v2021 Safeguards |
✓ | ✓ |
|
NIST CSF v2.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NIST CSF v2.0 Safeguards |
✗ | ✓ |
|
NIST CSF v1.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NIST CSF v1.1 Safeguards |
✗ | ✓ |
|
NIST CSF v1.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NIST CSF v1.0 Safeguards |
✗ | ✓ |
|
ISO 27002:2022 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the ISO 27002:2022 Safeguards |
✗ | ✓ |
|
ISO 27002:2013 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the ISO 27002:2013 Safeguards |
✗ | ✓ |
|
CIS 8.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 8.1 Safeguards |
✗ | ✓ |
|
CIS 8.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 8.0 Safeguards |
✗ | ✓ |
|
CIS 7.1 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 7.1 Safeguards |
✗ | ✓ |
|
CIS 7.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 7.0 Safeguards |
✗ | ✓ |
|
CIS 6.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 6.0 Safeguards |
✗ | ✓ |
|
CIS 5.0 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the CIS 5.0 Safeguards |
✗ | ✓ |
|
NYDFS NYCRR 500 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the NYDFS NYCRR 500 Safeguards |
✗ | ✓ |
|
FCA RM 2024 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the FCA RM 2024 Safeguards |
✗ | ✓ |
|
UC Policy IS-3 Assessment Results
Enterprise Members will be able to view the results of their assessments based off the UC Policy IS-3 Safeguards |
✗ | ✓ |
API Access |
||
|
CRF Safeguards Catalog API
An API providing programmatic access to the CRF Safeguards Catalog, enabling dynamic integration with IT security tools and systems. |
✓ | ✓ |
|
CRF Threat Taxonomy API
Enables direct access to our threat catalog through an API, facilitating the integration of standards into cybersecurity frameworks and tools. |
✓ | ✓ |
| Sign Up | Request Demo |