Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST SP 800-53

NIST SP 800-53

NIST SP 800-53 is a special publication by the National Institute of Standards and Technology; titled–Security and Privacy Controls for Information Systems and Organizations. It provides a comprehensive set of security and privacy controls organized into control families that support the development of safe and secure information systems.

Primarily developed for federal agencies, it can be used by any organization willing to strengthen its cybersecurity.

Controls catalog falls into three types:

  • Technical Controls: These include advanced solutions such as encryption and access controls.
  • Operational Controls: These focus on solving security issues relating to everyday operations, including physical security.
  • Management Controls: These highlight policies and procedures and governance initiatives.

NIST 800-53 also provides control baselines which are classified into categories that are low, moderate, and high class. Such baselines outline the potential impact security breaches could have on the information system so that organizations can decide what controls would be most applicable. The framework also gives supplemental guidance to assist the organization in implementing the controls effectively.

NIST 800-53 integrates with other NIST frameworks and is updated to keep organizations in pace with the changing technological and threat landscape. Revision 5 enhances a focus on privacy, expands control families, and generally makes it applicable to more orgs and use cases.

Additional reading

Honest OneTrust Review: Automation, Compliance, and The Cost of Complexity 

For teams looking to solidify and scale their compliance programs, OneTrust has probably been discussed. It’s often seen as a safe and reliable option. OneTrust seeks to help organizations meet privacy compliance requirements and strengthen data protection through frameworks like GDPR and CCPA.  While it offers broad compliance coverage and automation capabilities, is the journey…

What includes in the Scope of GDPR ?

The General Data Protection Regulation (GDPR) aims to protect the privacy and rights of data subjects (individuals) in the European Union by regulating data processing activities conducted by businesses. Controllers or Processors outside the European Union often doubt whether they are required to comply, given that they do not have offices operating in the EU…

HIPAA Guidelines for Telehealth Companies

A CDC report states, ‘the number of telehealth service providers in the United States went up by 154% in 2020 compared to 2019’. This radical spike kept climbing even after the COVID-19 pandemic. Large volumes of medical data were transmitted over electronic mediums in this period alone. With this unexpected influx of ePHI (e- Protected…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales