NIST SP 800-53

NIST SP 800-53 is a Special Publication by the National Institute of Standards and Technology titled "Security and Privacy Controls for Information Systems and Organizations". It provides a comprehensive set of security and privacy controls, organized into control families, that support the development of safe and secure information systems.

Although it was developed primarily for federal agencies, any organization that wants to strengthen its cybersecurity can use it.

The controls in the catalog fall into three types:

  • Technical Controls: These include technical solutions such as encryption and access controls.
  • Operational Controls: These address security issues arising from everyday operations, including physical security.
  • Management Controls: These cover policies, procedures, and governance initiatives.

NIST 800-53 also provides control baselines, classified as low, moderate, or high impact. These baselines reflect the potential impact a security breach could have on the information system, so that organizations can decide which controls are most applicable. The framework also gives supplemental guidance to help organizations implement the controls effectively.

NIST 800-53 integrates with other NIST frameworks and is updated so that organizations can keep pace with the changing technological and threat landscape. Revision 5 strengthens the focus on privacy, expands the control families, and generally makes the publication applicable to more organizations and use cases.
