Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST CSF Informative References

NIST CSF Informative References

Informative references in NIST CSF are the sources that help to achieve a particular requirement. These sources are mapped to other guidelines, frameworks, or practices that are common among all sectors. 

For example, the Identify function in NIST CSF includes the subcategory that requires users to build an inventory for their physical devices and systems. The informative references for achieving this include the following: 

  • CIS CSC 1 
  • COBIT 5 BAI09.01, BAI09.02 
  • ISA 62443-2-1:2009 4.2.3.4 
  • ISA 62443-3-3:2013 SR 7.8 
  • ISO/IEC 27001:2013 A.8.1.1, A.8.1.2 
  • NIST SP 800-53 Rev. 4 CM-8, PM-5

Additional reading

Governance vs Compliance: Key Differences and Similarities

TL,DR: Governance is internally driven and strategic, setting organizational direction through policies and decision-making structures. Compliance is externally mandated and tactical, requiring adherence to specific regulatory framework requirements Governance without compliance lacks enforcement mechanisms, and compliance without governance lacks strategic alignment with business objectives. In practice, both must work together for an effective security posture…

What Is Data Loss Prevention (DLP)?

TL,DR: Data loss prevention helps stop sensitive information from being leaked, misused, or exposed. DLP controls monitor data across endpoints, email, cloud apps, and networks. Strong DLP programs use classification, policies, encryption, access control, and alerts. In 2017, Equifax, one of the largest credit reporting agencies in the US, reported a Data breach. The breach…

Cybersecurity Architecture: Key Components, Design, and Goals for Protection

TL,DR: Cybersecurity architecture is the strategic design of network security processes, rules for application interaction, and system elements that defend against malicious attacks across hybrid work environments, cloud infrastructure, and evolving threat landscapes Key goals include data security (preventing breaches through preventive measures), network security (protecting infrastructure from intrusions), and application security (securing software from…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.