Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST 800-172

NIST 800-172

NIST Special Publication 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations is an extension of the existing NIST SP 800-171. Current version specifically focus on sensitive but unclassified information dealt by organizations on behalf of the federal government and puts forward additional security requirements and practices pertaining to it.

Main features of NIST 800-172 are:

  1. Additional Requirements for Safety: The book offers better controls that are grouped into 14 categories of controls:
  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity
  1. Proactive Controls: Under NIST 800-172, proactive control includes threat hunting, encryption as well as continuous monitoring all of which will provide a workaround for future risks.
  2. Implementation Guidance: Publication details customised security requirements based on the varying risk levels of CUI. In that case, it also leaves room for adoption.

NIST SP 800-172 aims at assisting in bolstering the non-federal systems’ cybersecurity posture. In this case, the developed publication applies to sectors of critical infrastructure where preventing unauthorized access and disclosure as well as other advanced persistent threats is crucial.

Additional reading

Top Cloud Compliance Tools You Should Know in 2026

TL;DR Cloud compliance tools are software designed to support regulatory compliance for applications hosted in the cloud. Best Cloud Compliance Tools in 2026: Sprinto, Drata, Vanta, Scrut, Lacework, CrowdStrike, Orca, Thoropass, and Trend Micro. Why Cloud Compliance Tools: Cloud compliance software helps businesses meet regulatory requirements and ensure data security in their cloud environments. Congratulations…

Meta and TikTok DSA Case: When Compliance on Paper Isn’t Enough

Meta and TikTok may face penalties of up to 6% of their global earnings for breaching the EU’s Digital Services Act (DSA), but the real significance lies not in the amount, but in what triggered the penalties. In this instance, the regulator did not penalize legal non-compliance. They punished operational failure: controls that existed on…

Complete Guide on HIPAA Compliance Training Requirements

TL,DR: HIPAA mandates compliance training for all covered entity and business associate employees, regardless of whether they directly access PHI, under both the Privacy Rule and Security Rule training standards The Security Rule outlines 4 addressable specifications: periodic security updates, malware prevention and detection, login monitoring procedures, and password creation and protection procedures Training must…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.