Compliance Glossary
Our curated compliance glossary brings everything you need to know about compliance together in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions: Identify, Protect, Detect, Respond, and Recover. Together they give organizations of any size, sector, or maturity level (including industries, governments, and agencies) a common structure for managing cybersecurity risk. Each function is further divided into categories, and each category into subcategories; CSF v1.1 has 23 categories and 108 subcategories in total. The categories below follow CSF v1.1. Note that CSF 2.0, published in February 2024, adds a sixth function, Govern (GV), and reorganizes the categories, so check which version an assessment or contract refers to. Let's look at each of the five functions:

| Function | What it covers | Categories |
| --- | --- | --- |
| Identify (ID) | Build an organizational understanding of cybersecurity risk to systems, people, assets, data, and capabilities, so that risk-management effort can be prioritized. | ID.AM (Asset Management), ID.BE (Business Environment), ID.GV (Governance), ID.RA (Risk Assessment), ID.RM (Risk Management Strategy), ID.SC (Supply Chain Risk Management) |
| Protect (PR) | Develop and implement the safeguards that limit or contain the impact of a potential cybersecurity event on the identified assets and ensure delivery of critical services. | PR.AC (Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.IP (Information Protection Processes and Procedures), PR.MA (Maintenance), PR.PT (Protective Technology) |
| Detect (DE) | Develop and implement the activities that identify a cybersecurity event in a timely manner, including discovering and analyzing anomalies and indicators of an ongoing or past attack. | DE.AE (Anomalies and Events), DE.CM (Security Continuous Monitoring), DE.DP (Detection Processes) |
| Respond (RS) | Take action on a detected cybersecurity incident to contain it and mitigate its impact. | RS.RP (Response Planning), RS.CO (Communications), RS.AN (Analysis), RS.MI (Mitigation), RS.IM (Improvements) |
| Recover (RC) | Maintain resilience plans and restore any capabilities or services impaired by an incident, so the business can return to normal operations. | RC.RP (Recovery Planning), RC.IM (Improvements), RC.CO (Communications) |