Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST Framework Profile

NIST Framework Profile

A NIST Framework Profile is an organization-specific configuration of the NIST Cybersecurity Framework (CSF) based on its business requirements, goals, and appetite for risks.

Thus, it functions as an adaptation of how such an organization applies the five functional models of the framework – Identify, Protect, Detect, Respond, and Recover.

There are two ways a profile can be used:

Current profile: The current cybersecurity controls are already implemented in the organization, a fact which is illustrated in this paper.
Target profile: Describes what the goals require the cybersecurity posture to become in the future.

The difference between current and target profile will help organizations to define security weaknesses, determine what steps should be taken first, and to create an actionable plan to enhance their security policies. NIST Framework Profile can be adapted to accommodate businesses of any size or type so that all can improve their cybersecurity posture.

Additional reading

What Is a Virtual CISO? The Benefits of Cybersecurity Leadership

In a 2023 report by IBM on the cost of a data breach, researchers found that appointing a CISO can help reduce the possible financial loss due to an incident to a large extent. Organizations that appointed a CISO saved $130,086 on average compared to those without a CISO in place per incident. This clearly…

Blogs SOC 2

SOC 2 Report: Building Trust Through Compliance

In today’s day and age, data security is a pivotal selling point. Customers and prospects want to know that their data is secure and that the companies they sign on with have sufficient measures to ensure it stays that way. And so, companies are often tasked with proving the effectiveness of their security controls. A…

Blogs Cybersecurity Risk Management

How To Perform a Cyber Security Risk Assessment?

Digital assets and data are the lifeblood of every organization today. But as with everything precious, they’re constantly at risk of being unlawfully accessed, tampered with, stolen, or transmitted. Such malicious actions can not only cause irreparable harm and damage to the organization but can severely hamper future business prospects. Cyber risk assessments are periodical…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales