Glossary of Compliance

Compliance Glossary

Our curated compliance glossary offers everything you need to know about compliance in one place.


NIST CSF Informative References

Informative references in the NIST CSF are the sources that help an organization achieve a particular requirement (a CSF subcategory). Each subcategory is mapped to specific sections of other guidelines, frameworks, or practices that are in common use across sectors.

For example, the Identify function in the NIST CSF includes a subcategory that requires an organization to maintain an inventory of its physical devices and systems. The informative references for achieving this are the following:

  • CIS CSC 1
  • COBIT 5 BAI09.01, BAI09.02
  • ISA 62443-2-1:2009 4.2.3.4
  • ISA 62443-3-3:2013 SR 7.8
  • ISO/IEC 27001:2013 A.8.1.1, A.8.1.2
  • NIST SP 800-53 Rev. 4 CM-8, PM-5
