Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines that help industries, governments, agencies, and organizations of all sizes, sectors, and maturity levels manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's look at each of these:
| Function | Categories |
| --- | --- |
| Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy) |
| Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology) |
| Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes) |
| Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. | RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements) |
| Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications) |





