Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the NIST Cybersecurity Framework (CSF)?

NIST is a federal agency within the US Department of Commerce that creates guidelines, frameworks, and policies that support innovation in science and technology. It was created in response to Presidential Executive Order 13636, The National Institute of Standards and Technology (NIST) created a Cybersecurity Framework (CSF) in 2014. 

The NIST Cybersecurity Framework provides guidance to organizations on how to mitigate, handle, and monitor security threats. Only federal agencies and their vendors, contractors, and partners are mandated to comply with NIST CSF. 

Many private organizations voluntarily implement NIST CSF principles into their compliance and security programs. Self-attestation does not require an audit, and there is no accrediting body that awards certificates for compliance. 

NIST CSF is based on five core functions intended to holistically safeguard organizations from security risks. 

  • Identify: Develop an understanding of possible security risks as they relate to a company’s people, processes, and technology.

  • Protect: Establish cybersecurity protocols and principles that actively and passively defend a company’s infrastructure from security breaches.

  • Detect: Continuously monitor a company’s infrastructure for anomalous events, malicious activity, and system weaknesses.

  • Respond: Ensure a proper response strategy that effectively eliminates a security threat while also keeping company production on track.
  • Recover: Maintain the integrity of all systems so that a company’s people, processes, and technologies can return to a stronger, more efficient state of operations.

{{cta_simple3="/cta-modules"}}

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
Demystifying the EU AI Act

Ready to Navigate the EU AI Act? Join us for our webinar, “Demystifying the EU AI Act” where we'll break down everything you need to know about this game-changing regulation.

Compliance
Event
How to Launch & Scale Your GRC Program Effectively with Vanta

Finding it challenging to launch or scale your GRC program? You’re not alone. Join our interactive webinar to get practical insights and solutions.

Compliance
Event
How Traffyk.ai Used Compliance to Unlock Enterprise Opportunities

Watch our webinar with Traffyk.ai as we demystify the compliance process. We will explore how Traffyk.ai, a SaaS Employee Communications Performance Platform, leveraged Vanta’s automation to streamline their ISO 27001 certification process, ultimately helping them secure enterprise clients.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Join Vanta’s 45-minute live product demo on August 7th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo.