Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST 800-115

NIST 800-115

NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment aims at assisting the organization in discovering the system vulnerabilities through risk assessment and periodic penetration testing. This helps understand the effectiveness of security controls and the flaws that could be exploited by an attacker.

This guide has been divided into some chapters dealing with varied aspects of the security test:

  • Overview of Security Testing and Examination: This introduces basic concepts and principles of security testing.
  • Overview of the Techniques: The methods to analyze controls and configurations are discussed.
  • Target Identification and Analysis: These are techniques to identify target systems and analyze the state of security of the identified systems. The activities include network discovery, vulnerability scanning, and wireless scans.
  • Validation Techniques of Target Vulnerability: These are the processes to validate the existence of an identified vulnerability with impact using penetration testing techniques.
  • Security Assessment Planning: This involves patch management and incident response activities for identified vulnerabilities, ensuring that the software maintains its integrity and security after release.
  • Conducting the Security Assessment: It entails conducting safety and security assessments and detailing exactly how it would be done by making tests and evaluations.
  • Activities Post-Testing: This entails reporting and remediation post-testing

NIST SP 800-115 also accommodates baseline competencies to be used to execute these types of assessments as well as methods of testing.

Additional reading

Breaking Down Compliance Costs: Where Your Money Goes and How to Save

TL,DR: Compliance costs include direct spend on audits, staffing, technology, training, and indirect productivity losses. Expenses rise with stricter enforcement, privacy expectations, talent shortages, and industry-specific requirements. The article explains how risk-based planning, automation, monitoring, and scalable processes reduce wasted spend. Compliance cost is unavoidable, whether you do it right or neglect it. In today’s…

SOC 2 Compliance Cost 2026: Planning A Comprehensive Compliance Budget

TL,DR: SOC 2 certification cost typically ranges from $30,000 to $150,000, depending on audit scope, organization size, and readiness level. Type 1 audits run $5,000 to $25,000 (assessing control design at a point in time), while Type 2 audits run $7,000 to $50,000+ (testing control effectiveness over a 3 to 12 month period). Hidden costs…

GDPR Compliance Software: How to Evaluate Tools in 2026 (Features, Costs & Use Cases)

TL;DR This guide compares GDPR compliance software across consent tools, privacy operations platforms, and continuous compliance/GRC systems to help organizations choose based on automation depth, data complexity, and scalability. Top GDPR Compliance Software in 2026:1. Sprinto2. Drata3. Netwrix Auditor4. PrivIQ5. LogicGate6. AuditBoard7. Transcend8. OneTrust9. Wired Relations Finding the best GDPR compliance software isn’t about picking…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.