Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

NIST CSF Core Functions

The NIST Cybersecurity Framework (NIST CSF) comprises five core functions: Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity levels to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's understand each of these:

Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. Categories: ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy).

Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. Categories: PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology).

Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. Categories: DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes).

Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. Categories: RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements).

Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. Categories: RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications).
