Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST SP 800-53

NIST SP 800-53

NIST SP 800-53 is a special publication by the National Institute of Standards and Technology; titled–Security and Privacy Controls for Information Systems and Organizations. It provides a comprehensive set of security and privacy controls organized into control families that support the development of safe and secure information systems.

Primarily developed for federal agencies, it can be used by any organization willing to strengthen its cybersecurity.

Controls catalog falls into three types:

Technical Controls: These include advanced solutions such as encryption and access controls.
Operational Controls: These focus on solving security issues relating to everyday operations, including physical security.
Management Controls: These highlight policies and procedures and governance initiatives.

NIST 800-53 also provides control baselines which are classified into categories that are low, moderate, and high class. Such baselines outline the potential impact security breaches could have on the information system so that organizations can decide what controls would be most applicable. The framework also gives supplemental guidance to assist the organization in implementing the controls effectively.

NIST 800-53 integrates with other NIST frameworks and is updated to keep organizations in pace with the changing technological and threat landscape. Revision 5 enhances a focus on privacy, expands control families, and generally makes it applicable to more orgs and use cases.

Additional reading

Blogs GRC

IT GRC (Governance, Risk, & Compliance) For Scaling Businesses

Investment in IT increases as businesses expand and scale, with funding to support strategic goals. With it, the focus on practices like data analytics, building a cloud infrastructure, and improving cybersecurity measures increases to keep up with the growing technology demand. GRC plays a crucial role in supporting this investment by ensuring sustainable growth and…

Quantum computing & Post-quantum Cryptography_ How GRC leaders are preparing for this decade's Y2K_

Quantum computing & Post-quantum Cryptography: GRC’s Y2K Moment?

Imagine a world where your personal messages, health records, banking transactions, and confidential information are exposed in seconds because someone could break the encryption methods you trust. A decade ago, this would have seemed like a sci-fi plot, but today, it has the potential to become a very real possibility. As we look toward 2025,…

Blogs PCI DSS

PCI Password Requirements & Recommended Controls

The Payment Card Industry Data Security Standard (PCI DSS) requires merchants processing cardholder data to implement a set of security measures to protect it. PCI guidelines offer best practices and recommendations to ensure data security. These guidelines ensure the integrity and confidentiality of payment data. This article discusses your obligations as a cardholder data processor,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales