
NIST CSF Informative References

Informative references in the NIST Cybersecurity Framework (CSF) are the standards, guidelines, and practices that show how a particular Subcategory outcome can be achieved. Each reference maps the CSF outcome to a specific control or requirement in another guideline, framework, or practice that is in common use across sectors, so an organization can reuse work it has already done against those sources instead of starting from scratch.

For example, the Identify function in NIST CSF includes a subcategory (ID.AM-1, under Asset Management) that requires an organization to maintain an inventory of its physical devices and systems. The informative references for achieving this outcome are:

  • CIS CSC 1
  • COBIT 5 BAI09.01, BAI09.02
  • ISA 62443-2-1:2009 4.2.3.4
  • ISA 62443-3-3:2013 SR 7.8
  • ISO/IEC 27001:2013 A.8.1.1, A.8.1.2
  • NIST SP 800-53 Rev. 4 CM-8, PM-5
