Glossary of Compliance


NIST Framework Profile

A NIST Framework Profile is an organization-specific configuration of the NIST Cybersecurity Framework (CSF): the set of framework outcomes the organization selects and prioritizes based on its business requirements, mission objectives, and risk appetite.

In practice, a Profile records how the organization applies the framework's five Functions – Identify, Protect, Detect, Respond, and Recover – by choosing which Categories and Subcategories under each Function matter to it and to what degree. (CSF 2.0, published in 2024, adds a sixth Function, Govern; the Profile mechanism itself is unchanged.)

A Profile is normally built in two forms:

  1. Current Profile: Documents the cybersecurity outcomes the organization achieves today, i.e., which controls are already implemented and how completely.
  2. Target Profile: Describes the outcomes the organization needs to achieve in order to meet its business goals and risk appetite.

Comparing the Current Profile against the Target Profile is a gap analysis: each gap is a security weakness, the organization's priorities determine which gaps to close first, and the result is an actionable roadmap for improving its security program. Because a Profile is derived from the organization's own requirements rather than a fixed checklist, the approach applies to businesses of any size or sector.
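The gap analysis described above, as an added worked example (this is illustrative code, not from the page or from NIST). It assumes a simple 0 to 4 implementation score per Subcategory, which is an assumption of the example; NIST describes Profiles in terms of outcomes and does not prescribe a numeric scale. The Subcategory IDs and scores are constructed sample data modelled on the CSF 1.1 naming pattern (Function.Category-Number), and the `priority` ranking is the organization's own business input, not part of the framework.

```python
"""Gap analysis between a Current and a Target CSF Profile (added example)."""
from dataclasses import dataclass

# CSF 1.1 Function prefixes used in Subcategory IDs (e.g. "PR.AC-1" -> Protect).
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Assumed scale: 0 = not implemented ... 4 = fully implemented and measured.
MIN_SCORE, MAX_SCORE = 0, 4

# Business priority is the organization's input; lower rank = address first.
PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Gap:
    subcategory: str
    function: str
    current: int
    target: int
    priority: str

    @property
    def delta(self) -> int:
        """How far the target outcome is above what is achieved today."""
        return self.target - self.current


def function_of(subcategory_id: str) -> str:
    """Map a Subcategory ID such as 'DE.CM-1' to its Function name."""
    prefix = subcategory_id.split(".", 1)[0]
    if prefix not in FUNCTIONS:
        raise ValueError(f"unknown CSF Function prefix in {subcategory_id!r}")
    return FUNCTIONS[prefix]


def _validate(profile: dict) -> None:
    for sub, score in profile.items():
        function_of(sub)  # raises on a malformed ID
        if not (MIN_SCORE <= score <= MAX_SCORE):
            raise ValueError(f"{sub}: score {score} outside {MIN_SCORE}..{MAX_SCORE}")


def gap_analysis(current: dict, target: dict, priorities: dict) -> list:
    """Return every Subcategory where the Target exceeds the Current Profile.

    Ordered so the most urgent item comes first: business priority, then the
    size of the gap (largest first), then the ID for a stable order.
    A Subcategory absent from the Current Profile counts as score 0.
    """
    _validate(current)
    _validate(target)
    gaps = []
    for sub, want in target.items():
        have = current.get(sub, MIN_SCORE)
        if want > have:
            gaps.append(Gap(sub, function_of(sub), have, want,
                            priorities.get(sub, "low")))
    return sorted(gaps, key=lambda g: (PRIORITY_RANK[g.priority], -g.delta,
                                       g.subcategory))


def coverage_by_function(current: dict, target: dict) -> dict:
    """Percent of the Target Profile already achieved, per Function (1 dp)."""
    achieved, wanted = {}, {}
    for sub, want in target.items():
        fn = function_of(sub)
        wanted[fn] = wanted.get(fn, 0) + want
        achieved[fn] = achieved.get(fn, 0) + min(current.get(sub, 0), want)
    return {fn: round(100.0 * achieved[fn] / wanted[fn], 1) for fn in wanted}


# Constructed sample profiles (not real assessment data).
CURRENT_PROFILE = {"ID.AM-1": 3, "PR.AC-1": 2, "DE.CM-1": 1, "RS.RP-1": 0, "RC.RP-1": 2}
TARGET_PROFILE = {"ID.AM-1": 3, "PR.AC-1": 4, "DE.CM-1": 3, "RS.RP-1": 3,
                  "RC.RP-1": 2, "PR.DS-1": 3}
PRIORITIES = {"PR.AC-1": "high", "DE.CM-1": "high",
              "RS.RP-1": "medium", "PR.DS-1": "medium"}

if __name__ == "__main__":
    for g in gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, PRIORITIES):
        print(f"{g.priority:6} {g.subcategory:8} ({g.function}) "
              f"{g.current} -> {g.target}  gap={g.delta}")
    for fn, pct in coverage_by_function(CURRENT_PROFILE, TARGET_PROFILE).items():
        print(f"{fn:8} {pct:5.1f}% of target achieved")
```

The roadmap is the sorted list: two "high" items lead even though the Respond gap is numerically larger, which is the point of letting business priority, not raw score, drive the ordering. The per-Function coverage figure is the kind of summary that a board-level view of the Target Profile usually wants.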
