Appendix A: List of Acronyms
| Acronym | Meaning |
|---|---|
| A&O | analysis and operations |
| ACL | access control list |
| ADS | anomaly detection system |
| A/V | audio/video |
| AV | anti-virus |
| AVS | anti-virus software |
| C&A | certification and accreditation |
| CAESARS | Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report |
| CBK | Common Body of Knowledge |
| CBT | computer-based training |
| CCV | Cybersecurity Capabilities Validation |
| CD | compact disc |
| CERT/CC | CERT Coordination Center |
| CIA | confidentiality, integrity, and availability |
| CIO | chief information officer |
| CISO | chief information security officer |
| CISSP | Certified Information Systems Security Professional |
| CM | continuous monitoring |
| CMMI | Capability Maturity Model Integration |
| CMU | Carnegie Mellon University |
| CND | computer network defense |
| CNDSP | computer network defense service provider |
| COBIT | Control Objectives for Information and related Technology |
| CONOPS | concept of operations |
| COOP | continuity of operations |
| COP | common operational picture |
| CP | contingency planning |
| CSIRT | computer security incident response team |
| CVE | Common Vulnerabilities and Exposures |
| D/A | department/agency |
| DDOS | distributed denial of service |
| DHS | Department of Homeland Security |
| DISA | Defense Information Systems Agency |
| DMZ | demilitarized zone |
| DNS | domain name system |
| DoD | Department of Defense |
| DoS | denial of service |
| ETA | education, training, and awareness |
| F-CND | Federal-Computer Network Defense |
| FAX | facsimile |
| FCD | Federal Continuity Directive |
| FCMR | Federal Cybersecurity Maturity Roadmap |
| FE | framework extension |
| FFIEC | Federal Financial Institutions Examination Council |
| FIPS | Federal Information Processing Standards |
| FIRST | Forum of Incident Response and Security Teams |
| FISMA | Federal Information Security Management Act of 2002 |
| FNR | Federal Network Resilience |
| FNS | Federal Network Security |
| FOUO | for official use only |
| FYI | for your information |
| GFIRST | Government Forum of Incident Response and Security Teams |
| GnuPG | GNU Privacy Guard |
| GRS | General Records Schedule |
| HR | human resources |
| IA | information assurance |
| IC | intelligence community |
| IDPS | Intrusion Detection and Prevention System |
| IDS | intrusion detection system |
| IEC | International Electrotechnical Commission |
| IETF | Internet Engineering Task Force |
| IG | inspector general |
| IM | incident management |
| IMF | Incident Management Function |
| IP | internet protocol |
| IPS | intrusion prevention system |
| IR | incident response |
| ISAC | Information Sharing and Analysis Center |
| (ISC)² | International Information Systems Security Certification Consortium |
| ISCM | information system continuous monitoring |
| ISCP | Information System Contingency Plan |
| ISF | Information Security Forum |
| ISO | information security officer OR |
| ISP | internet service provider |
| IT | information technology |
| ITGI | Information Technology Governance Institute |
| ITIL | IT Infrastructure Library |
| JWICS | Joint Worldwide Intelligence Communications System |
| LE | law enforcement |
| LOA | letter of agreement |
| MEF | mission essential function |
| MIME | Multipurpose Internet Mail Extensions |
| MO | modus operandi (mode of operation) |
| MOA | memorandum of agreement |
| MOU | memorandum of understanding |
| MSSP | managed security service provider |
| NARA | National Archives and Records Administration |
| NDA | non-disclosure agreement |
| NEF | national essential function |
| NFAT | network forensics analysis tools |
| NIC | network information centre |
| NIST | National Institute of Standards and Technology |
| NIST SP | NIST Special Publication |
| NITTF | National Insider Threat Task Force |
| NOC | network operations centre |
| NSA | National Security Agency |
| NVD | National Vulnerability Database |
| OCTAVE | Operationally Critical Threat, Asset, and Vulnerability Evaluation |
| OGC | Office of Government Commerce |
| OLRC | Office of the Law Revision Counsel |
| OMB | Office of Management and Budget |
| OPSEC | operations security |
| OS | operating system |
| PC | personal computer |
| PE | physical and environmental |
| PGP | Pretty Good Privacy |
| PII | personally identifiable information |
| PKI | public key infrastructure |
| PMEF | primary mission essential function |
| POC | point of contact |
| QA | quality assurance |
| RA | risk assessment |
| RDF | resource description framework |
| RFC | request for comments |
| RSS | RDF Site Summary |
| SA | situational awareness |
| SCIF | Sensitive Compartment Information Facility |
| SDLC | system development lifecycle |
| SEI | Software Engineering Institute |
| SEIM | security event and incident management |
| SIPRNET | Secret Internet Protocol Router Network |
| SKiP | Security Knowledge in Practice |
| SLA | service level agreement |
| S/MIME | Secure/Multipurpose Internet Mail Extensions |
| SME | subject matter expert |
| SMS | short message service |
| SOC | security operations centre |
| SOP | standard operating procedure |
| SP | special publication |
| SSP | system security plan |
| STE | secure terminal equipment |
| SWO | senior watch officer |
| TERENA | Trans-European Research and Education Networking Association |
| TICAP | Trusted Internet Connection Access Provider |
| TS | top secret |
| TT&E | testing, training, and exercise |
| US-CERT | United States Computer Emergency Readiness Team |
| VPN | virtual private network |
| VS | vulnerability scanning |
| XML | Extensible Markup Language |