Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Lets understand each of these:
| Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management)ID.BE (Business Environment)ID.GV (Governance)ID.RA (Risk Assessment)ID.RM (Risk Management Strategy) |
| Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control)PR.AT (Awareness and Training)PR.DS (Data Security)PR.IP (Information Protection Processes and Procedures)PR.MA (Maintenance)PR.PT (Protective Technology) |
| Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events)DE.CM (Security Continuous Monitoring)DE.DP (Detection Processes) |
| Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. | RS.RP (Response Planning)RS.CO (Communications)RS.AN (Analysis)RS.MI (Mitigation)RS.IM (Improvements) |
| Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning)RC.IM (Improvements)RC.CO (Communications) |
Additional reading
A Quick Guide to PHI Disclosure
If you work in a healthcare-related field, you’re familiar with safeguarding patient privacy under HIPAA. But let’s face it—putting those concepts into action can be overwhelming, especially when new challenges arise while identifying protected health information (PHI) and understanding covered entities. Staying up-to-date with evolving regulations and technology is a challenging task. Fear not, though!…
What is ISO 27001 Gap Analysis & How to Get Started ?
The applicability of the ISO 27001 standard can be daunting for companies of all sizes. Faced with a wealth of requirements and best practices, organizations need help determining how to implement the most cost-effective solution. A proper gap analysis looks at a company’s existing security management system about the ISO’s guidelines and can help them…
SOC 2 Requirements: Essential Guidelines for Compliance
SOC 2 compliance isn’t just about ticking boxes—it’s about demonstrating that your organization can securely manage data and protect client privacy. Achieving SOC 2 compliance requires a deep understanding of the Trust Service Criteria (TSCs) and the specific controls necessary to meet them. The SOC 2 framework, defined by the AICPA, offers flexibility, allowing you…
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.
