Acronyms

Acronyms and abbreviations are regularly used by the government for brevity, conciseness, and efficient communication.  We understand that not all abbreviations and acronyms are universally known.  We created this list of commonly used acronyms for you to reference.

AcronymExpansion/ExplanationRelevant link(s)
ACAccess Control
ACSCAustralian Cyber Security Centrehttps://www.cyber.gov.au/
AESAdvanced Encryption Standard
AMAsset Management
AOAuthorization Official
AOAssessment Objective
APTAdvanced Persistent Threat
ATAwareness and Training
AUAudit and Accountability
AUPAcceptable Use Policy
C3PAOCMMC 3rd Party Assessment Organizationhttps://cmmcab.org/c3pao-lp/
CACertification and Accreditation
CASecurity Assessment (yes we know–this is a CMMC thing)
CADComputer Aided Design
CAPCorrective Action Plan
CCACMMC Certified Assessor
CCPCMMC Certified Professional
CDIControlled Defense Information
CDRLContract Delivery Requirements List
CDSECenter for Development of Security Excellencehttps://www.cdse.edu/
CERTComputer Emergency Readiness Team (Now a part of CISA)https://www.us-cert.gov/
CFRCode of Federal Regulations
CISCenter for Internet Securityhttps://www.cisecurity.org/
CISA Cybersecurity and Infrastructure Security Agencyhttps://www.cisa.gov/
CLSContractor Logistics Support
CMConfiguration Management
CMMCCybersecurity Maturity Model Certificationhttps://www.acq.osd.mil/cmmc/index.html
CMMC-ABCybersecurity Maturity Model Certification – Advisory Boardhttps://www.cmmcab.org/
CMVPCryptographic Module Validation Programhttps://csrc.nist.gov/projects/cryptographic-module-validation-program
CNCComputer Numerical Control
COTSCommercial Off The Shelf
CSIRTComputer Security Incident Response Team
CSFCybersecurity Framework
CTIControlled Technical Information
CUI Controlled Unclassified Information
DAMDoD 800-171 Assessment Methodology
DCDomain Controller
DCMADefense Contract Management Agencyhttps://www.dcma.mil/
DCSADefense Counterintelligence and Security Agencyhttps://www.dcsa.mil/
DFARSDoD Federal Acquisition Regulation Supplement
DIBDefense Industrial Base
DIBBSDefense logisitics agency Internet Bid Board Systemhttps://www.dibbs.bsm.dla.mil/
DIBCACDIB Cybersecurity Assessment Center
DIBNETDIB Networkhttps://dibnet.dod.mil/portal/intranet/
DISADefense Information Systems Agencyhttps://public.cyber.mil/
DLADefense Logisitics Agency
DMZDemilitarized Zone
DoDDepartment of Defense
DoDIDoD Instruction
DSCDefense Supply Chain
EARExport Administration Regulations
ECAExternal Certificate Authority
EOExecutive Order
FARFederal Acquisition Regulation
FCI Federal Contract Information
FedRAMPFederal Risk and Authorization Management Programhttps://marketplace.fedramp.gov/#!/products
FIPSFederal Information Processing Standards
FISMAFederal Information Security Modernization Act
FYFiscal Year
HIPAAHealth Information Portability and Accountability Acthttps://www.hhs.gov/hipaa/index.html
HITECHHealth Information Technology for Economic and Clinical Health (Act)https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html
IAIdenification and Authentication
IAWIn Accordance With
ICSIndustrial Control Systems
IDSIntrusion Detection System
IOCIndicators Of Compromise
IPInternet Protocol
IPIntellectual Property
IPSIntrusion Prevention System
IRIncident Response Plan
IRPIncident Response Plan
ITInformation Technology
ITARInternational Traffic in Arms Regulation
KBKnowledge Basehttps://www.reddit.com/r/TotemKnowledgeBase/
LMSLearning Management System
MAMaintenance
MACMachine Address Code
MFAMultifactor Authentication
MPMedia Protection
MSMicrosoft
MSPManaged Service Provider
MSSPManaged Security Service Provider
MTDMaximum Tolerable Downtime
NACNetwork Access Control
NARANational Archives and Records Administrationhttps://www.archives.gov/cui
NISTNational Institutes of Standards and Technologyhttps://www.nist.gov/
NTANetwork Traffic Analysis
OAOrganizational Action
OODAObserve Orient Decide Act
OTOperational Technology
PAOBOAUProcess Acting On Behalf Of an Authorized User
PEPhysical and Environmental protection
PICERLPrepare, Identify, Contain, Eradicate, Recover, Lessons Learned
PIEEProcurement Integrated Enterprise Environmenthttps://piee.eb.mil/piee-landing/
POA&MPlan of Action and Milestones
PSPersonnel Security
PWPassword
REREcovery
RFIRequest for Information
RFPRequest For Proposal
RMRisk Management
RMFRisk Management Framework
RPRegistered Practitioner
RPORegistered Practitioner Organization (CMMC)
RPORecovery Point Objective
RTORecovery Time Objective
SASituational Awareness
SARSecurity Assessment Report
SCSystem and Communications Protection
SCGSecurity Classification Guide
SCADASupervisory Control And Data Acquisition
SISystem and Information Integrity
SIEMSecurity Information and Event Management
SOCSecurity Operations Center
SPSpecial Publication
SSPSystem Security Plan
SANS SANS Institute (they never use the expansion of the acronym)https://www.sans.org/
SPRSSupplier Performance Risk Systemhttps://sprs.csd.disa.mil/sprs/goCtrHome.action
STIGSecurity Technical Implementation Guidehttps://public.cyber.mil/stigs/
TCPTransport Control Protocol
UDPUser Datagram Protocol
UNUsername
VPNVirtual Private Network
WAPWireless Access Point
WEPWired Equivalency Protocol
WPAWiFi Protected Access
WPSWiFi Protected Setup
WRTWith Respect To