Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Lets understand each of these:
| Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management)ID.BE (Business Environment)ID.GV (Governance)ID.RA (Risk Assessment)ID.RM (Risk Management Strategy) |
| Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control)PR.AT (Awareness and Training)PR.DS (Data Security)PR.IP (Information Protection Processes and Procedures)PR.MA (Maintenance)PR.PT (Protective Technology) |
| Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events)DE.CM (Security Continuous Monitoring)DE.DP (Detection Processes) |
| Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. | RS.RP (Response Planning)RS.CO (Communications)RS.AN (Analysis)RS.MI (Mitigation)RS.IM (Improvements) |
| Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning)RC.IM (Improvements)RC.CO (Communications) |
Additional reading
GRC Insights from Security and Compliance Leaders
TL,DR: The Trust Triangle virtual roundtable (March 25, 2025) brought together 9 veteran security professionals including CISOs, field security leaders, and GRC engineers from organizations like Cyvergence, Pipedrive, ServiceNow, and Navan Key insights covered building global GRC programs, navigating startup compliance complexities, aligning security investments with business outcomes, and treating compliance as a strategic enabler…
Cybersecurity Strategy: Key Components and How to Develop One
TL,DR: A cybersecurity strategy is a detailed action plan for protecting networks, systems, and data against threats while supporting growth and innovation. It transforms security from a checkbox exercise into a value-driven effort Key components include risk assessment and prioritization, asset identification and classification, access management policies, incident response planning, employee training programs, and continuous…
How to Build a Disaster Recovery Plan for ISO 27001?
When disaster strikes, your business may lose critical data, and all the functions may have to stop suddenly. However, your business doesn’t have to be at the mercy of chaos – a carefully crafted disaster recovery plan becomes integral to running your business environment smoothly and efficiently. But getting started with a plan isn’t always…

Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.





