Compliance Glossary
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions: Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity levels for managing their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's look at each of these:
| Function | Description | Categories |
| --- | --- | --- |
| Identify (ID) | Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy) |
| Protect (PR) | Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology) |
| Detect (DE) | Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes) |
| Respond (RS) | Supports actions that help mitigate and contain damage caused by a security attack. | RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements) |
| Recover (RC) | Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications) |