The Cyber Resilience Review (CRR) is an assessment tool designed to evaluate an organisation's operational resilience and cybersecurity practices. Developed by the US Department of Homeland Security (DHS), the CRR helps organisations assess their ability to manage cyber risks and ensure the continuity of essential services during and after a cyber incident. It is widely used across various sectors, including critical infrastructure, to enhance the overall cyber resilience of organisations.
The CRR aligns closely with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF is a widely recognised framework that provides a comprehensive approach to managing and reducing cybersecurity risks.
Alignment with NIST CSF Functions: The CRR maps to the five core functions of the NIST CSF, which are Identify, Protect, Detect, Respond, and Recover. Each section of the CRR corresponds to one of these functions, ensuring a holistic assessment of an organisation's cybersecurity posture.
Identification of Critical Services: The CRR helps organisations identify and prioritise critical services, which aligns with the NIST CSF's emphasis on understanding the business context and the resources that support critical functions.
Assessment of Cybersecurity Practices: Both the CRR and the NIST CSF assess cybersecurity practices across key domains, such as asset management, risk management, incident response, and recovery planning.
Operational Resilience: The CRR goes beyond traditional cybersecurity to include aspects of operational resilience, which is a key element of the NIST CSF's Recover function. This helps organisations prepare for, withstand, and recover from cyber incidents.
Customisation and Adaptability: Like the NIST CSF, the CRR is designed to be flexible and adaptable to the specific needs and contexts of different organisations, regardless of size or industry.
Comprehensive Assessment: The CRR provides a thorough evaluation of an organisation's cybersecurity and operational resilience capabilities, covering a broad range of domains.
Alignment with Industry Standards: The CRR's alignment with the NIST CSF ensures that organisations are assessing their practices against a widely accepted standard, making it easier to benchmark and improve.
Focus on Continuity: The CRR emphasises the importance of maintaining essential services during and after a cyber incident, ensuring that organisations are not just secure but also resilient.
Tailored to Critical Infrastructure: While applicable to any sector, the CRR is particularly well-suited for organisations that are part of critical infrastructure, helping them safeguard vital services that are essential to national security and public safety.
Cost-Effective: The CRR is a cost-effective way for organisations to assess and improve their cyber resilience, especially when compared to more resource-intensive assessments.
Improvement Focused: The CRR is designed to identify gaps and areas for improvement, providing organisations with actionable insights to enhance their resilience.
Engagement and Awareness: By involving various stakeholders in the assessment process, the CRR promotes greater awareness of cyber risks and resilience throughout the organisation.
In summary, the Cyber Resilience Review is a valuable tool for organisations seeking to assess and improve their cyber resilience. Its alignment with the NIST Cybersecurity Framework ensures that it provides a comprehensive, industry-standard approach to managing cyber risks and ensuring the continuity of essential services.