Glossary of Compliance
Our curated compliance glossary offers everything you need to know about compliance in one place.
NIST CSF Core Functions
The NIST Cybersecurity Framework (NIST CSF) comprises five core functions – Identify, Protect, Detect, Respond, and Recover. These functions offer guidelines to industries, governments, agencies, and organizations of all sizes, sectors, and maturity levels to manage their cybersecurity risks effectively. These are further divided into five categories and subcategories. Let's understand each of these:
| Function | Categories |
| --- | --- |
| Identify (ID): Involves understanding the current risk status of organizational assets like people, facilities, systems, hardware, and software. | ID.AM (Asset Management); ID.BE (Business Environment); ID.GV (Governance); ID.RA (Risk Assessment); ID.RM (Risk Management Strategy) |
| Protect (PR): Aids in securing identified assets by reducing the likelihood and impact of cybersecurity threats while enhancing opportunities. | PR.AC (Access Control); PR.AT (Awareness and Training); PR.DS (Data Security); PR.IP (Information Protection Processes and Procedures); PR.MA (Maintenance); PR.PT (Protective Technology) |
| Detect (DE): Helps teams discover and analyze anomalies and threat indicators that signal an ongoing or previous attack. | DE.AE (Anomalies and Events); DE.CM (Security Continuous Monitoring); DE.DP (Detection Processes) |
| Respond (RS): Supports actions that help mitigate and contain damages caused by a security attack. | RS.RP (Response Planning); RS.CO (Communications); RS.AN (Analysis); RS.MI (Mitigation); RS.IM (Improvements) |
| Recover (RC): Restores operations that have been affected to ensure business recovery and continuity. | RC.RP (Recovery Planning); RC.IM (Improvements); RC.CO (Communications) |