Glossary of Compliance

NIST CSF 2.0

NIST Cybersecurity Framework (CSF) 2.0 is an update to the NIST CSF framework. It expands on the principles of NIST CSF and adds more structured guidance on minimizing cybersecurity risks. It encompasses organizations of all sizes, irrespective of their security maturity.

After the successful debut of the NIST CSF in 2014 and its adoption by 50% of US-based organizations just 6 years after release, NIST started working on NIST CSF 2.0 in 2022. CSF 2.0 was released in February 2024 to include not just critical infrastructure sectors but also organizations ranging from schools and startups to enterprises and government organizations.

NIST CSF 2.0 also includes many informative references for better adoption and supports integration with other risk programs, reflecting the rapidly changing digital landscape and serving as a comprehensive tool for organizations to strengthen their cybersecurity defenses.
