NIST

Glossary of Compliance

Compliance Glossary

Our curated compliance glossary offers everything you need to know about compliance in one place.


NIST 800-115

NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, aims to assist organizations in discovering system vulnerabilities through risk assessment and periodic penetration testing. This helps them understand the effectiveness of security controls and the flaws that could be exploited by an attacker. This guide has been divided into some chapters…

NIST 800-145

NIST Special Publication 800-145, titled The NIST Definition of Cloud Computing, provides standardized terminology for cloud computing to ensure uniformity across organizations and industries. It outlines the key characteristics, deployment models, and service models associated with cloud computing to enhance understanding and cloud adoption. NIST 800-145 outlines five essential characteristics of cloud computing: on-demand self-service,…

NIST 800-172

NIST Special Publication 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, is an extension of the existing NIST SP 800-171. The current version specifically focuses on sensitive but unclassified information handled by organizations on behalf of the federal government and puts forward additional security requirements and practices pertaining to…

NIST CSF 2.0

NIST Cybersecurity Framework (CSF) 2.0 is an update to the NIST CSF. It expands the principles of the NIST CSF and adds more structured guidance on minimizing cybersecurity risks. It encompasses organizations of all sizes, irrespective of their security maturity. After the successful debut of the NIST CSF in 2014 and adoption by 50% of US-based organizations…

NIST CSF Core Functions

The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's understand each of these: Identify (ID):…

NIST CSF Informative References

Informative references in NIST CSF are the sources that help to achieve a particular requirement. These sources are mapped to other guidelines, frameworks, or practices that are common among all sectors.  For example, the Identify function in NIST CSF includes the subcategory that requires users to build an inventory for their physical devices and systems….

NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) is a set of best practices that organizations can use to safeguard their data and enhance cyber security. Developed by the National Institute of Standards and Technology (NIST), the framework helps organizations protect critical infrastructure, such as healthcare and manufacturers.  NIST CSF is flexible, adaptable and widely used to benchmark…

NIST Framework Profile

A NIST Framework Profile is an organization-specific configuration of the NIST Cybersecurity Framework (CSF) based on its business requirements, goals, and appetite for risks.  Thus, it functions as an adaptation of how such an organization applies the five functional models of the framework – Identify, Protect, Detect, Respond, and Recover. There are two ways a…

NIST Identity and Access Management (IAM) Framework

The NIST Identity and Access Management (IAM) Framework is intended to help organizations ensure that only authorized individuals have access to critical resources, reducing unlawful access and data breaches into information systems. The framework guides organizations in developing and maintaining digital identities, as well as administering effective access controls. The NIST IAM Framework majorly deals…

NIST Privacy Framework

The NIST Privacy Framework is a set of guidelines and recommendations that help organizations minimize privacy risks while collecting or storing personal information. It integrates privacy into product or service design while assuring compliance with relevant law and building customer trust. The framework was created due to the growing number…

NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF) is a seven-step repeatable process to manage and mitigate risks related to information systems. Developed by the National Institute of Standards and Technology (NIST), the framework was originally developed for federal agencies but has since been adopted by various industries to achieve compliance and manage cybersecurity risks. The framework integrates…

NIST SP 800-53

NIST SP 800-53 is a special publication by the National Institute of Standards and Technology, titled Security and Privacy Controls for Information Systems and Organizations. It provides a comprehensive set of security and privacy controls organized into control families that support the development of safe and secure information systems. Primarily developed for federal agencies, it can…


NIST AI Risk Management Framework (AI RMF)

The Artificial Intelligence Risk Management Framework (AI RMF) was designed in collaboration with the private and public sectors. It is a practical guide to enable individuals and organizations to manage risks posed by generative AI in a way that aligns with their goals and objectives. NIST AI RMF is a voluntary framework developed to help users…
Oct 16, 2024
