Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST 800-145

NIST 800-145

NIST Special Publication 800-145, titled The NIST Definition of Cloud Computing, provides standardized terminology for cloud computing to ensure uniformity across organizations and industries. It outlines the key characteristics, deployment models, and service models associated with cloud computing to enhance understanding and cloud adoption.

NIST 800-145 outlines five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.

  1. On-demand self-service: This means that users can allocate cloud resources on demand without manual intervention
  2. Broad network access: It indicates that cloud services can be accessed from a wide range of devices using standard methods such as browsers.
  3. Resource pooling: This indicates that cloud computing resources are pooled to provide service to multiple customers
  4. Rapid elasticity: This means that cloud capabilities can be scaled up and down based on requirements
  5. Measured service: It indicates that the usage of cloud resources is monitored and reported

Three Service models: Cloud service models include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).Four deployment models: The deployment models are categorized as public cloud, private cloud, hybrid cloud and community cloud.

Additional reading

How to Create a Vendor Management Policy? [Template]

TL,DR: A vendor management policy governs how you evaluate, approve, monitor, and offboard vendors. It should define roles, risk tiers, due diligence, required clauses, monitoring, escalation, and termination. Use it to prove vendor controls for SOC 2, ISO 27001, and customer reviews. Vendor management is how your business selects, monitors, and offboards third parties that…

Sprinto vs Vanta vs Oneleet: Which Compliance Automation Platform Should You Choose?

Most teams land on this exact shortlist for the same reason: a deal just stalled because a customer asked for a SOC 2 report you do not have yet, and you need it sorted quickly. Sprinto, Vanta, and Oneleet are all built to solve that, which is why they keep ending up on the same list. Where they split is one question: how much of the work do you want to hand off, and how much do you want to keep? Vanta hands you a clean, well-organized platform and expects your team to drive. Oneleet sits at the opposite end, bundling pentesting, a virtual CISO, and the audit coordination, so you can offload most of the process. Sprinto sits in between, pairing heavy automation with a dedicated compliance expert, and it is the one I would pick if you suspect this first certification is only the start.

PCI DSS Compliance: Complete Guide

TL,DR: PCI DSS compliance protects cardholder data through 12 requirements and 250+ security controls. Merchants and service providers must validate compliance annually and maintain controls year-round. The guide covers PCI levels, SAQs, risk assessments, gap remediation, control monitoring, and involved parties. As a founder of a business that processes online transactions, PCI compliance is mandatory,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.