Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST Framework Profile

NIST Framework Profile

A NIST Framework Profile is an organization-specific configuration of the NIST Cybersecurity Framework (CSF) based on its business requirements, goals, and appetite for risks. 

Thus, it functions as an adaptation of how such an organization applies the five functional models of the framework – Identify, Protect, Detect, Respond, and Recover.

There are two ways a profile can be used: 

  1. Current profile: The current cybersecurity controls are already implemented in the organization, a fact which is illustrated in this paper. 
  2. Target profile: Describes what the goals require the cybersecurity posture to become in the future. 

The difference between current and target profile will help organizations to define security weaknesses, determine what steps should be taken first, and to create an actionable plan to enhance their security policies. NIST Framework Profile can be adapted to accommodate businesses of any size or type so that all can improve their cybersecurity posture.

Additional reading

Blogs

A Complete Step-By-Step Guide to Getting FISMA Certified

Introduced by the U.S. government in 2022, the Federal Information Security Management Act  (FISMA) aims to protect information security, focusing on “risk-based policy for cost-effective security.”  If you are a federal agency, contractor, or subcontractor looking to be FISMA certified, understanding the process is essential. The official guideline is a lengthy piece of legal jargon…
Blogs

Due Diligence Software [Features, Ratings, & How to Pick The Right One]

A Verizon study found that a staggering 62% of data breaches originate from third-party relations. While external tools and partnerships are critical to ensuring uninterrupted growth, it is not uncommon for them to become a roadblock rather than an enabler, especially if they don’t undergo a filtering process.  Businesses often think that onboarding vendors is…
VAPT
Blogs

VAPT Certification Cost: Key Amplifiers & Tips to Optimize Your Price

If your business needs to be VAPT certified, you should include budgeting in your project’s roadmap. This, however, is easier said than done—businesses often exceed the allocated budget. In most cases, the culprit is a lack of understanding of pricing.  To help you plan better, we have listed the key factors that are the biggest…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales