Acronyms and abbreviations are regularly used by the government for brevity, conciseness, and efficient communication.  We understand that not all abbreviations and acronyms are universally known.  We created this list of commonly used acronyms for you to reference.

| Acronym | Expansion/Explanation |
| --- | --- |
| AC | Access Control |
| ACSC | Australian Cyber Security Centre |
| AES | Advanced Encryption Standard |
| AM | Asset Management |
| AO | Authorization Official |
| AO | Assessment Objective |
| APT | Advanced Persistent Threat |
| AT | Awareness and Training |
| AU | Audit and Accountability |
| AUP | Acceptable Use Policy |
| C3PAO | CMMC 3rd Party Assessment Organization |
| CA | Certification and Accreditation |
| CA | Security Assessment (yes we know–this is a CMMC thing) |
| CAD | Computer Aided Design |
| CAP | Corrective Action Plan |
| CCA | CMMC Certified Assessor |
| CCP | CMMC Certified Professional |
| CDI | Controlled Defense Information |
| CDRL | Contract Delivery Requirements List |
| CDSE | Center for Development of Security Excellence |
| CERT | Computer Emergency Readiness Team (Now a part of CISA) |
| CFR | Code of Federal Regulations |
| CIS | Center for Internet Security |
| CISA | Cybersecurity and Infrastructure Security Agency |
| CLS | Contractor Logistics Support |
| CM | Configuration Management |
| CMMC | Cybersecurity Maturity Model Certification |
| CMMC-AB | Cybersecurity Maturity Model Certification – Advisory Board |
| CMVP | Cryptographic Module Validation Program |
| CNC | Computer Numerical Control |
| COTS | Commercial Off The Shelf |
| CSIRT | Computer Security Incident Response Team |
| CSF | Cybersecurity Framework |
| CTI | Controlled Technical Information |
| CUI | Controlled Unclassified Information |
| DAM | DoD 800-171 Assessment Methodology |
| DC | Domain Controller |
| DCMA | Defense Contract Management Agency |
| DCSA | Defense Counterintelligence and Security Agency |
| DFARS | DoD Federal Acquisition Regulation Supplement |
| DIB | Defense Industrial Base |
| DIBBS | Defense Logistics Agency Internet Bid Board System |
| DIBCAC | DIB Cybersecurity Assessment Center |
| DISA | Defense Information Systems Agency |
| DLA | Defense Logistics Agency |
| DMZ | Demilitarized Zone |
| DoD | Department of Defense |
| DoDI | DoD Instruction |
| DSC | Defense Supply Chain |
| EAR | Export Administration Regulations |
| ECA | External Certificate Authority |
| EO | Executive Order |
| FAR | Federal Acquisition Regulation |
| FCI | Federal Contract Information |
| FedRAMP | Federal Risk and Authorization Management Program |
| FIPS | Federal Information Processing Standards |
| FISMA | Federal Information Security Modernization Act |
| FY | Fiscal Year |
| HIPAA | Health Information Portability and Accountability Act |
| HITECH | Health Information Technology for Economic and Clinical Health (Act) |
| IA | Identification and Authentication |
| IAW | In Accordance With |
| ICS | Industrial Control Systems |
| IDS | Intrusion Detection System |
| IOC | Indicators Of Compromise |
| IP | Internet Protocol |
| IP | Intellectual Property |
| IPS | Intrusion Prevention System |
| IR | Incident Response Plan |
| IRP | Incident Response Plan |
| IT | Information Technology |
| ITAR | International Traffic in Arms Regulation |
| KB | Knowledge Base |
| LMS | Learning Management System |
| MAC | Machine Address Code |
| MFA | Multifactor Authentication |
| MP | Media Protection |
| MSP | Managed Service Provider |
| MSSP | Managed Security Service Provider |
| MTD | Maximum Tolerable Downtime |
| NAC | Network Access Control |
| NARA | National Archives and Records Administration |
| NIST | National Institutes of Standards and Technology |
| NTA | Network Traffic Analysis |
| OA | Organizational Action |
| OODA | Observe Orient Decide Act |
| OT | Operational Technology |
| PAOBOAU | Process Acting On Behalf Of an Authorized User |
| PE | Physical and Environmental Protection |
| PICERL | Prepare, Identify, Contain, Eradicate, Recover, Lessons Learned |
| PIEE | Procurement Integrated Enterprise Environment |
| POA&M | Plan of Action and Milestones |
| PS | Personnel Security |
| RFI | Request for Information |
| RFP | Request For Proposal |
| RM | Risk Management |
| RMF | Risk Management Framework |
| RP | Registered Practitioner |
| RPO | Registered Practitioner Organization (CMMC) |
| RPO | Recovery Point Objective |
| RTO | Recovery Time Objective |
| SA | Situational Awareness |
| SAR | Security Assessment Report |
| SC | System and Communications Protection |
| SCG | Security Classification Guide |
| SCADA | Supervisory Control And Data Acquisition |
| SI | System and Information Integrity |
| SIEM | Security Information and Event Management |
| SOC | Security Operations Center |
| SP | Special Publication |
| SSP | System Security Plan |
| SANS | SANS Institute (they never use the expansion of the acronym) |
| SPRS | Supplier Performance Risk System |
| STIG | Security Technical Implementation Guide |
| TCP | Transport Control Protocol |
| UDP | User Datagram Protocol |
| VPN | Virtual Private Network |
| WAP | Wireless Access Point |
| WEP | Wired Equivalency Protocol |
| WPA | WiFi Protected Access |
| WPS | WiFi Protected Setup |
| WRT | With Respect To |