
NIST CSF Core Functions

The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity levels for managing their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's look at each of these:

Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software.
Categories: ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy)

Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities.
Categories: PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology)

Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack.
Categories: DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes)

Respond (RS): Supports actions that help mitigate and contain damage caused by a security attack.
Categories: RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements)

Recover (RC): Restores operations that have been affected to ensure business recovery and continuity.
Categories: RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications)
