Glossary of Compliance

NIST CSF Informative References

Informative references in the NIST CSF are the sources that help to achieve a particular requirement. These sources are mapped to other guidelines, frameworks, or practices that are common across all sectors.

For example, the Identify function in the NIST CSF includes a subcategory that requires users to build an inventory of their physical devices and systems. The informative references for achieving this include the following:

  • CIS CSC 1 
  • COBIT 5 BAI09.01, BAI09.02 
  • ISA 62443-2-1:2009 4.2.3.4 
  • ISA 62443-3-3:2013 SR 7.8 
  • ISO/IEC 27001:2013 A.8.1.1, A.8.1.2 
  • NIST SP 800-53 Rev. 4 CM-8, PM-5
