Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Lets understand each of these:
| Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management)ID.BE (Business Environment)ID.GV (Governance)ID.RA (Risk Assessment)ID.RM (Risk Management Strategy) |
| Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control)PR.AT (Awareness and Training)PR.DS (Data Security)PR.IP (Information Protection Processes and Procedures)PR.MA (Maintenance)PR.PT (Protective Technology) |
| Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events)DE.CM (Security Continuous Monitoring)DE.DP (Detection Processes) |
| Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. | RS.RP (Response Planning)RS.CO (Communications)RS.AN (Analysis)RS.MI (Mitigation)RS.IM (Improvements) |
| Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning)RC.IM (Improvements)RC.CO (Communications) |
Additional reading
5 Best Governance, Risk, and Compliance (GRC) Training Course
In 2023, the Ponemon Institute studied 500+ organizations to understand the cost components of mitigating a data breach. Two of the biggest cost amplifiers were security skill shortages and non-compliance with regulations. This is a lesson for modern organizations that don’t take security and compliance seriously. When you don’t prioritize it, you eventually pay the…
HIPAA Compliance Software – Updated for 2025
The healthcare industry has consistently been the top recipient of data breaches for the last 12 years. This fuels the necessity to implement stringent laws such as the Health Insurance Portability and Accountability Act (HIPAA). Entities that handle sensitive patient data can enforce the requirements of this law using a HIPAA compliance software. In this…
12-Step GDPR Compliance Checklist
Applications used in daily life collect large amounts of data through embedded trackers. This data could potentially be used in a cyber attack, leading to a violation of data privacy. According to Salesforce, 60% of their customers felt they had no control over how their personal data is used. The European Union established the General…
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.
