Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

NIST Framework Profile

A NIST Framework Profile is an organization-specific configuration of the NIST Cybersecurity Framework (CSF) based on the organization's business requirements, goals, and risk appetite.

It is therefore an adaptation of how that organization applies the five functions of the framework: Identify, Protect, Detect, Respond, and Recover.

There are two ways a profile can be used:

  1. Current profile: Documents the cybersecurity controls the organization has already implemented.
  2. Target profile: Describes the cybersecurity posture that the organization's goals require it to reach in the future.

The difference between the current and target profiles helps organizations identify security weaknesses, determine which steps to take first, and create an actionable plan to enhance their security policies. A NIST Framework Profile can be adapted to businesses of any size or type so that all can improve their cybersecurity posture.
