Acronyms and abbreviations are regularly used by the government for brevity, conciseness, and efficient communication. We understand that not all abbreviations and acronyms are universally known. We created this list of commonly used acronyms for you to reference.
Acronym | Expansion/Explanation | Relevant link(s) |
---|---|---|
AC | Access Control | |
ACSC | Australian Cyber Security Centre | https://www.cyber.gov.au/ |
AES | Advanced Encryption Standard | |
AM | Asset Management | |
AO | Authorization Official | |
AO | Assessment Objective | |
APT | Advanced Persistent Threat | |
AT | Awareness and Training | |
AU | Audit and Accountability | |
AUP | Acceptable Use Policy | |
C3PAO | CMMC 3rd Party Assessment Organization | https://cmmcab.org/c3pao-lp/ |
CA | Certification and Accreditation | |
CA | Security Assessment (yes we know–this is a CMMC thing) | |
CAD | Computer Aided Design | |
CAP | Corrective Action Plan | |
CCA | CMMC Certified Assessor | |
CCP | CMMC Certified Professional | |
CDI | Controlled Defense Information | |
CDRL | Contract Delivery Requirements List | |
CDSE | Center for Development of Security Excellence | https://www.cdse.edu/ |
CERT | Computer Emergency Readiness Team (Now a part of CISA) | https://www.us-cert.gov/ |
CFR | Code of Federal Regulations | |
CIS | Center for Internet Security | https://www.cisecurity.org/ |
CISA | Cybersecurity and Infrastructure Security Agency | https://www.cisa.gov/ |
CLS | Contractor Logistics Support | |
CM | Configuration Management | |
CMMC | Cybersecurity Maturity Model Certification | https://www.acq.osd.mil/cmmc/index.html |
CMMC-AB | Cybersecurity Maturity Model Certification – Advisory Board | https://www.cmmcab.org/ |
CMVP | Cryptographic Module Validation Program | https://csrc.nist.gov/projects/cryptographic-module-validation-program |
CNC | Computer Numerical Control | |
COTS | Commercial Off The Shelf | |
CSIRT | Computer Security Incident Response Team | |
CSF | Cybersecurity Framework | |
CTI | Controlled Technical Information | |
CUI | Controlled Unclassified Information | |
DAM | DoD 800-171 Assessment Methodology | |
DC | Domain Controller | |
DCMA | Defense Contract Management Agency | https://www.dcma.mil/ |
DCSA | Defense Counterintelligence and Security Agency | https://www.dcsa.mil/ |
DFARS | DoD Federal Acquisition Regulation Supplement | |
DIB | Defense Industrial Base | |
DIBBS | Defense logisitics agency Internet Bid Board System | https://www.dibbs.bsm.dla.mil/ |
DIBCAC | DIB Cybersecurity Assessment Center | |
DIBNET | DIB Network | https://dibnet.dod.mil/portal/intranet/ |
DISA | Defense Information Systems Agency | https://public.cyber.mil/ |
DLA | Defense Logisitics Agency | |
DMZ | Demilitarized Zone | |
DoD | Department of Defense | |
DoDI | DoD Instruction | |
DSC | Defense Supply Chain | |
EAR | Export Administration Regulations | |
ECA | External Certificate Authority | |
EO | Executive Order | |
FAR | Federal Acquisition Regulation | |
FCI | Federal Contract Information | |
FedRAMP | Federal Risk and Authorization Management Program | https://marketplace.fedramp.gov/#!/products |
FIPS | Federal Information Processing Standards | |
FISMA | Federal Information Security Modernization Act | |
FY | Fiscal Year | |
HIPAA | Health Information Portability and Accountability Act | https://www.hhs.gov/hipaa/index.html |
HITECH | Health Information Technology for Economic and Clinical Health (Act) | https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html |
IA | Idenification and Authentication | |
IAW | In Accordance With | |
ICS | Industrial Control Systems | |
IDS | Intrusion Detection System | |
IOC | Indicators Of Compromise | |
IP | Internet Protocol | |
IP | Intellectual Property | |
IPS | Intrusion Prevention System | |
IR | Incident Response Plan | |
IRP | Incident Response Plan | |
IT | Information Technology | |
ITAR | International Traffic in Arms Regulation | |
KB | Knowledge Base | https://www.reddit.com/r/TotemKnowledgeBase/ |
LMS | Learning Management System | |
MA | Maintenance | |
MAC | Machine Address Code | |
MFA | Multifactor Authentication | |
MP | Media Protection | |
MS | Microsoft | |
MSP | Managed Service Provider | |
MSSP | Managed Security Service Provider | |
MTD | Maximum Tolerable Downtime | |
NAC | Network Access Control | |
NARA | National Archives and Records Administration | https://www.archives.gov/cui |
NIST | National Institutes of Standards and Technology | https://www.nist.gov/ |
NTA | Network Traffic Analysis | |
OA | Organizational Action | |
OODA | Observe Orient Decide Act | |
OT | Operational Technology | |
PAOBOAU | Process Acting On Behalf Of an Authorized User | |
PE | Physical and Environmental protection | |
PICERL | Prepare, Identify, Contain, Eradicate, Recover, Lessons Learned | |
PIEE | Procurement Integrated Enterprise Environment | https://piee.eb.mil/piee-landing/ |
POA&M | Plan of Action and Milestones | |
PS | Personnel Security | |
PW | Password | |
RE | REcovery | |
RFI | Request for Information | |
RFP | Request For Proposal | |
RM | Risk Management | |
RMF | Risk Management Framework | |
RP | Registered Practitioner | |
RPO | Registered Practitioner Organization (CMMC) | |
RPO | Recovery Point Objective | |
RTO | Recovery Time Objective | |
SA | Situational Awareness | |
SAR | Security Assessment Report | |
SC | System and Communications Protection | |
SCG | Security Classification Guide | |
SCADA | Supervisory Control And Data Acquisition | |
SI | System and Information Integrity | |
SIEM | Security Information and Event Management | |
SOC | Security Operations Center | |
SP | Special Publication | |
SSP | System Security Plan | |
SANS | SANS Institute (they never use the expansion of the acronym) | https://www.sans.org/ |
SPRS | Supplier Performance Risk System | https://sprs.csd.disa.mil/sprs/goCtrHome.action |
STIG | Security Technical Implementation Guide | https://public.cyber.mil/stigs/ |
TCP | Transport Control Protocol | |
UDP | User Datagram Protocol | |
UN | Username | |
VPN | Virtual Private Network | |
WAP | Wireless Access Point | |
WEP | Wired Equivalency Protocol | |
WPA | WiFi Protected Access | |
WPS | WiFi Protected Setup | |
WRT | With Respect To |