Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST SP 800-53

NIST SP 800-53

NIST SP 800-53 is a special publication by the National Institute of Standards and Technology; titled–Security and Privacy Controls for Information Systems and Organizations. It provides a comprehensive set of security and privacy controls organized into control families that support the development of safe and secure information systems.

Primarily developed for federal agencies, it can be used by any organization willing to strengthen its cybersecurity.

Controls catalog falls into three types:

  • Technical Controls: These include advanced solutions such as encryption and access controls.
  • Operational Controls: These focus on solving security issues relating to everyday operations, including physical security.
  • Management Controls: These highlight policies and procedures and governance initiatives.

NIST 800-53 also provides control baselines which are classified into categories that are low, moderate, and high class. Such baselines outline the potential impact security breaches could have on the information system so that organizations can decide what controls would be most applicable. The framework also gives supplemental guidance to assist the organization in implementing the controls effectively.

NIST 800-53 integrates with other NIST frameworks and is updated to keep organizations in pace with the changing technological and threat landscape. Revision 5 enhances a focus on privacy, expands control families, and generally makes it applicable to more orgs and use cases.

Additional reading

cybersecurity risk management
Blogs Cybersecurity

Cybersecurity Risk Management: Identifying and Managing Threats

When it comes to staying safe online, cyber security risk management is the key. But the idea of creating a thoughtful plan and process may sound intimidating—especially if you’re unsure where to begin.  That’s why we’ve taken the time to research and outline what a cybersecurity risk management process is and why it is important….
GDPR compliance cost
Blogs GDPR

​​Compliance Q&A: How much does GDPR compliance cost?

Does GDPR seem like a jigsaw puzzle?We know it can get confusing, but it’s a high-stakes game, and a missing piece can lead to losses of millions of dollars and heavy sanctions.  The latest €1.2 billion fine handed down to Meta by the Irish Data Protection Commissioner is a prime example. High-profile fines like those…
Guide to ISMS Awareness Training Program
Blogs ISO 27001

Your Guide to ISMS Awareness Training Program

In the age of cloud computing, information is vulnerable. Bad actors are always on the lookout for their next target. They scope for vulnerabilities in an organization’s ISMS (Information Security Management System) and exploit them. This often disrupts business activities. Businesses look at security as a one-time activity and often forget that their employees are…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales