Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

NIST CSF Core Functions

The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's understand each of these:

Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. Categories: ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy)

Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. Categories: PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology)

Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. Categories: DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes)

Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. Categories: RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements)

Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. Categories: RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications)
