| Term | Definition |
| Monitor | A compliance check that validates a control, either automatically or manually. |
| Workflow Check | A manual compliance control that requires human verification or evidence upload. |
| Failing | The monitor is not compliant with the control’s expected configuration or policy. |
| Passing | The monitor is compliant with the expected control and requires no action. |
| Pending Evidence | The monitor requires uploaded documentation to confirm compliance. |
| Not in Scope | A user or asset has been marked as out of the control’s applicability. |
| Mark as Resolved | The action used to manually confirm that a failing monitor has been addressed. |
| Dr. Sprinto | A device-level agent used to monitor endpoint compliance (e.g., screen lock, OS updates). |
| Decisioning | The process of marking users or resources as in-scope or excluded from checks. |
| Employee Portal | A user-facing interface for completing tasks like device health reports or confirming compliance actions. |
| Evidence Upload | The process of submitting screenshots, documents, or exports to prove compliance. |
| Root User | A superuser account on platforms like AWS or GitHub that requires strict controls (e.g., MFA). |
| Critical System | A system with access to sensitive data or infrastructure, subject to stricter controls. |
| Point-in-Time Recovery (PITR) | A backup method that allows restoring data to a specific time in the past. |
| Access Review | A review of user permissions to ensure access is aligned with roles and responsibilities. |
| Screen Lock Enforcement | A system policy requiring automatic screen lock after a period of inactivity. |
| Branch Protection Rule | A source control rule that prevents direct changes to production branches without review. |
| Dependabot Alerts | GitHub-native security alerts about vulnerabilities in software dependencies. |
| Encryption Key Management | The process of securely creating, storing, and rotating cryptographic keys. |
| CloudTrail | AWS’s audit logging service that tracks account activity and API usage. |
| Flow Logs | Logs of network traffic for cloud services like AWS VPC, Azure NSG, or GCP VPC. |
| Registry Policy | A Windows system setting defined through the registry to enforce security policies. |
| gpupdate | A Windows command that forces group policy refresh, often used to apply security changes. |
| Service Account | A non-human account used for automation or application access; often excluded from user-level controls. |
| Evidence Trail | The collection of artefacts and logs that demonstrate how controls were implemented. |
| Change Management | A formal process to track, approve, and log changes to systems or processes. |
| Disaster Recovery (DR) | A documented strategy and set of actions to restore systems and data after an outage. |