Glossary
Draft
Compliance operating system glossary
A draft glossary for compliance buyers, auditors, developers, and partners.
Review status
220 glossary entries generated. Definitions are draft-gated.

Access review
Agent run
Agent workflow
Artifact manifest
Assessor
Attestation
Audit evidence
Audit package
Audit trail
Auditor portal
BAA
Breach notification
Business associate
Change management
Chain of custody
Common control
Compensating control
Connector
Control family
Control owner
Control snapshot
Crosswalk
Data Processing Addendum
Deficiency
Drift sentinel
Edge collector
Evidence artifact
Evidence hash
Evidence sufficiency
Exception
Finding
Framework authority
Framework pack
Governance risk and compliance
HIPAA Security Rule
HITRUST assessment
Immutable log
ISMS
Key control
Material change
Mitigation plan
mTLS
Native control ID
OSCAL
Package gate
Penetration test
Policy exception
Private runner
Privilege escalation
Procurement packet
Readiness score
Redaction review
Regulatory filing
Remediation proposal
Responsible AI
Risk register
RLS
SAML
SCIM
SOC 2 Type II
Source authority
Specialist agent
Subprocessor
System and Organization Controls
Trust center
Trust Services Criteria
UAT
Vendor questionnaire
WCAG 2.2 AA
White-label deployment
CMS EDE Year 9
CMS EDE Year 9 control family
CMS EDE Year 9 evidence
CMS EDE Year 9 crosswalk
CMS EDE Year 9: Application UI
CMS EDE Year 9: API FIT
CMS EDE Year 9: Language access
CMS EDE Year 9: Accessibility
CMS EDE Year 9: ARC-AMPE
HITRUST CSF
HITRUST CSF control family
HITRUST CSF evidence
HITRUST CSF crosswalk
HITRUST CSF: Information protection
HITRUST CSF: Endpoint
HITRUST CSF: Access
HITRUST CSF: Risk management
SOC 2 Type II control family
SOC 2 Type II evidence
SOC 2 Type II crosswalk
SOC 2 Type II: Security
SOC 2 Type II: Availability
SOC 2 Type II: Confidentiality
SOC 2 Type II: Processing integrity
SOC 2 Type II: Privacy
HIPAA Security Rule control family
HIPAA Security Rule evidence
HIPAA Security Rule crosswalk
HIPAA Security Rule: Administrative safeguards
HIPAA Security Rule: Physical safeguards
HIPAA Security Rule: Technical safeguards
HIPAA Breach Notification Rule
HIPAA Breach Notification Rule control family
HIPAA Breach Notification Rule evidence
HIPAA Breach Notification Rule crosswalk
HIPAA Breach Notification Rule: Individual notice
HIPAA Breach Notification Rule: Media notice
HIPAA Breach Notification Rule: Secretary notice
HIPAA Breach Notification Rule: Business associate notice
NIST SP 800-53
NIST SP 800-53 control family
NIST SP 800-53 evidence
NIST SP 800-53 crosswalk
NIST SP 800-53: AC
NIST SP 800-53: AU
NIST SP 800-53: CM
NIST SP 800-53: IA
NIST SP 800-53: IR
NIST SP 800-53: RA
NIST SP 800-53: SC
NIST SP 800-53: SI
NIST Cybersecurity Framework
NIST Cybersecurity Framework control family
NIST Cybersecurity Framework evidence
NIST Cybersecurity Framework crosswalk
NIST Cybersecurity Framework: Govern
NIST Cybersecurity Framework: Identify
NIST Cybersecurity Framework: Protect
NIST Cybersecurity Framework: Detect
NIST Cybersecurity Framework: Respond
NIST Cybersecurity Framework: Recover
ISO/IEC 27001
ISO/IEC 27001 control family
ISO/IEC 27001 evidence
ISO/IEC 27001 crosswalk
ISO/IEC 27001: Organizational
ISO/IEC 27001: People
ISO/IEC 27001: Physical
ISO/IEC 27001: Technological
ISO/IEC 42001
ISO/IEC 42001 control family
ISO/IEC 42001 evidence
ISO/IEC 42001 crosswalk
ISO/IEC 42001: AI management
ISO/IEC 42001: Risk
ISO/IEC 42001: Impact
ISO/IEC 42001: Lifecycle
PCI DSS
PCI DSS control family
PCI DSS evidence
PCI DSS crosswalk
PCI DSS: Network security
PCI DSS: Account data
PCI DSS: Vulnerability
PCI DSS: Access
PCI DSS: Monitoring
FedRAMP
FedRAMP control family
FedRAMP evidence
FedRAMP crosswalk
FedRAMP: Low
FedRAMP: Moderate
FedRAMP: High
FedRAMP: Continuous monitoring
CMMC
CMMC control family
CMMC evidence
CMMC crosswalk
CMMC: Level 1
CMMC: Level 2
CMMC: Level 3
GDPR
GDPR control family
GDPR evidence
GDPR crosswalk
GDPR: Lawfulness
GDPR: Rights
GDPR: Controller obligations
GDPR: Security
GDPR: Transfers
UK GDPR
UK GDPR control family
UK GDPR evidence
UK GDPR crosswalk
UK GDPR: Lawfulness
UK GDPR: Rights
UK GDPR: Controller obligations
UK GDPR: Security
UK GDPR: Transfers
NYDFS 23 NYCRR 500
NYDFS 23 NYCRR 500 control family
NYDFS 23 NYCRR 500 evidence
NYDFS 23 NYCRR 500 crosswalk
NYDFS 23 NYCRR 500: Governance
NYDFS 23 NYCRR 500: Access
NYDFS 23 NYCRR 500: Incident response
NYDFS 23 NYCRR 500: Reporting
CCPA/CPRA + State Privacy
CCPA/CPRA + State Privacy control family
CCPA/CPRA + State Privacy evidence
CCPA/CPRA + State Privacy crosswalk
CCPA/CPRA + State Privacy: Notice
CCPA/CPRA + State Privacy: Rights
CCPA/CPRA + State Privacy: Contracts
CCPA/CPRA + State Privacy: Sensitive data
CCPA/CPRA + State Privacy: Assessments
NIS2 Directive
NIS2 Directive control family
NIS2 Directive evidence
NIS2 Directive crosswalk
NIS2 Directive: Governance
NIS2 Directive: Risk management
NIS2 Directive: Incident reporting
NIS2 Directive: Supply chain
Digital Operational Resilience Act
Digital Operational Resilience Act control family
Digital Operational Resilience Act evidence
Digital Operational Resilience Act crosswalk
Digital Operational Resilience Act: ICT risk
Digital Operational Resilience Act: Incident reporting