Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF) is a seven-step repeatable process to manage and mitigate risks related to information systems. Developed by the National Institute of Standards and Technology (NIST), the framework was originally developed for federal agencies but has since been adopted by various industries to achieve compliance and manage cybersecurity risks.


The framework integrates security, privacy and cybersecurity supply chain risks into system development lifecycle to enable organizations to take a risk-based approach throughout the control implementation process.

The seven key steps in the NIST RMF include:

  • Prepare aims to enable the organizations to understand their risk profiles and prepare for security risks by assessing data, networks and other infrastructure
  • Categorize focuses on sensitivity of information processes and grouping systems accordingly to understand the impact of potential risks
  • Select aims to choose the right security measures to mitigate the identified risks
  • Implement ensures that the chosen controls are implemented and documented
  • Assess evaluates if the implemented controls are functioning as intended to protect the information systems
  • Authorize aims to promote accountability and ensures that the senior management oversees the implementation and assessment of controls to minimize risks
  • Monitor involves continuous oversight of the risk environment and updating the controls as required

Additional reading

Cybersecurity Incident Response Plan: What It Is & How to Build One

The significance of cybersecurity is growing. The world now depends on technology more than ever before, and there are no signs that indicate a possible reversal. Organizations can no longer exclusively rely on standard cybersecurity solutions like firewalls and antivirus software. Hackers are consistently improving their strategies and are now able to easily penetrate traditional…

CMMC Compliance Checklist for 2026

TL,DR: CMMC compliance starts by identifying the required level based on the data you handle. The checklist focuses on controls such as access control, incident response, monitoring, and assessment readiness. Use it to prepare for DoD work and track gaps before a CMMC assessment. If you’re a defense contractor, staying compliant with the Cybersecurity Maturity…

SOX Controls: A Practical Guide

SOX compliance is rarely viewed as inspiring, but it should be. The Sarbanes-Oxley Act, now more than 20 years old, has been reduced to a set of rules to follow.  In reality, it’s a proven framework for building durable financial systems and long-term credibility. SOX is fundamentally about trust: the kind that guides investor decisions…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.