Cybersecurity is renowned for having many acronyms, some with multiple meanings. Here we look at many of the popular security acronyms.
You can also check out our other resources <here>.
Common Cyber
Security Acronyms
| Accronym | Definition |
|---|---|
| A&A | Assessment and Authorization |
| ADP | Automated Data Processing |
| AES | Advanced Encryption Standard |
| AIMS | Automated Infrastructure Management System |
| AIS | Automated Information Systems |
| AMIDS | Audit Monitoring and Intrusion Detection System |
| ANSI | American National Standards Institute |
| AO | Authorizing Official |
| AODR | Authorizing Official Designated Representative |
| APT | Advanced Persistent Threat |
| ASIMS | Automated Security Incident Measuring System |
| ASSIST | Automated System Security Incident Support Team |
| ATC | Authorization to Connect |
| ATD | Authorization Termination Date |
| ATM | Asynchronous Transfer Mode |
| ATO | Authorization to Operate |
| AV | Antivirus |
| BIOS | Basic Input and Output System |
| Botnet | Robot Network |
| C&A | Certification and Accreditation |
| C&A WG | Certification and Accreditation Working Group |
| C2 | Command and Control |
| C2W | Command and Control Warfare |
| C4 | Command, Control, Communications, and Computers |
| C4ISR | Command, Control, Communications, Computer, Intelligence, Surveilance and Reconnaisssance |
| CA | Certification Authority |
| CAAP | Critical Asset Assurance Program |
| CAC | Common Access Card |
| CAP | Connection Approval Program |
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart |
| CC | Common Criteria |
| CCA | Clinger-Cohen Act |
| CCB | Configuration Control Board |
| CCI | Control Correlation Identifier |
| CD | Cross Domain |
| CDS | Cross-Domain Solution |
| CEH | Certified Ethical Hacker |
| CERT | Computer Emergency Response Team |
| CERT/CC | CERT/Coordination Center |
| CFR | Code of Federal Regulations |
| CI | Counterintelligence |
| CIAC | Computer Incident Advisory Capability |
| CIAO | Critical Infrastructure Assurance office |
| CIO | Chief Information Officer |
| CIP | Critical Infrastructure Protection |
| CIPWG | Critical Infrastructure Protection Working Group |
| CIRT | Computer Incident Response Team |
| CISA | Certified Information Systems Auditor |
| CISO | Chief Information Security Officer |
| CISSP | Certified Information Systems Security Professional |
| CITAC | Computer Investigation and Infrastructure Threat Assessment Center |
| CMDS | Computer Misuse Detection System |
| CMMC | Cybersecurity Maturity Model Certification |
| CMS | COMSEC Management System |
| CNA | Computer Network Attack |
| CNDSP | Computer Network Defense Service Provider |
| CNSS | Committee on National Security Systems |
| CNSSI | Committee on National Security Systems Instruction |
| CNSSP | Committee on National Security Systems Policy |
| COE | Common Operating Environment |
| COMSEC | Communications Security |
| CONOPS | Concept of Operations |
| COO | Chief Operating Officer |
| COTS | Commericial Off-the-Shelf |
| CSA | Computer Security Act |
| CSIR | Computer (and Network) Security Incident Response |
| CSO | Chief Security Officer |
| CSP | Cloud Service Provider |
| CSS | Central Security Service |
| CSSO | Computer Systems Security Officers |
| CUI | Controlled Unclassified Information |
| CVSS | Common Vulnerability Scoring System |
| DARPA | Defense Advanced Research Projects Agency |
| DATO | Denial of Authorization To Operate |
| DCPDS | Defense Civilian Personnel Data System |
| DDoS | Distributed Denial-of-Service |
| DES | Digital Encryption Standard |
| DevOps | A portmanteau of “Development” and “Operations” |
| DevSecOps | A portmanteau of “Development”, “Security” and “Operations” |
| DHS | Department of Homeland Security |
| DIA | Defense Intelligence Agency |
| DIACCS | Defense IA Command and Control System |
| DIAMOND | Defense Intrusion Analysis & Monitoring Desk |
| DIAP | Defense Information Assurance Program |
| DIDS | Distributed Intrusions Detection System |
| DII | Defense Information Infrastructure |
| DISA | Defense Information Systems Agency |
| DISN | Defense Information System Network |
| DITSWG | Defense Information Technology Security Working Group |
| DLP | Data Loss Prevention |
| DMC | Defense MegaCenter |
| DMS | Defense Message System |
| DNS | Domain Name Servers |
| DoD | Department of Defense |
| DoDD | Department of Defense Directive |
| DODIN | Department of Defense information networks |
| DoS | Denial-of-Service |
| DREN | Defense Research and Engineering Network |
| DSAWG | Defense IA Security Accreditation Working Group |
| DSS | Defense Security Service |
| EAL | Evaluation Assurance Level |
| EDR | Endpoint Detection and Response |
| EFOIA | Electronic Freedom of Information Act |
| EO | Executive Order |
| EOP | Executive Office of the President |
| ETA | Education, Training and Awareness |
| ETAPWG | Education, Training, Awareness and Professionalization Working Group |
| FIPSPUB | Federal Information Processing Standard Publication |
| FIRST | Forum of Incident Resonse and Security Teams |
| FISMA | Federal Information Security Management Act |
| FOIA | Freedom of information Act |
| FTS | Federal Telecommunications Service |
| GB | Gigabyte(s) |
| GDPR | General Data Protection Regulation |
| GMITS | Guidelines for the Management of IT Security |
| GOTS | Government Off-the-Shelf |
| GRC | Governance, Risk Management and Compliance |
| GSA | General Services Administration |
| GSII | Government Services Information Infrastructure |
| HBSS | Host Based Security System |
| HIPAA | Health Information Portability and Accountability Act |
| HTTPS | Hypertext Transfer Protocol Secure |
| I&W | Indications and Warning |
| IA | Information Assurance |
| IAD | Information Assurance Document |
| IAG | information Assurance Group |
| IAM | Information Assurance Manager |
| IAO | Information Assurance Officer |
| IAPWG | Information Assurance Policy Working Group |
| IASE | Information Assurance Support Environment |
| IATAC | Information Assurance Technology Analysis Center |
| IATC | Interim Authority to Connect |
| IATO | Intermin Authority to Operate |
| IATT | Intermin Authority to Test |
| IAVA | Information Assurance Vulnerability Alert |
| IC | Intelligence Community |
| IDS | Intrusion Detection System |
| INFOCONs | Information Operations Conditions |
| INFOSEC | Information Systems Security |
| INFOSYS | Information Systems |
| IO | Information Operations |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IP address | Internet Protocol |
| IPR | Internet Protocol Router |
| IPS | Intrusion Prevention System |
| IPSec | Internet Protocol Security |
| IRM | Information Resource Management |
| IRS | Incident Reporting Structure |
| IRT | Incident Response Team |
| IS | Information System |
| ISACA | Information Systems Audit and Control Association |
| ISO | International Organization for Standardization |
| ISRMC | Information Security Risk Management Committee |
| ISSM | Information System Security Manager |
| ISSO | Information System Security Officer |
| IT | Information Technology |
| ITMRA | Information Technology Management Reform Act |
| JCCC | Joint Communications Control Center |
| JCIDS | Joint Capabilities Integration and Development System |
| JDIICS | Joint DII Control Systems |
| JID | Joint Intrusion Detection |
| JIE | Joint Information Environment |
| JIEO | Joint Interoperability Engineering Organization |
| JIWG | Joint IA Operations Working Group |
| JPO STC | Joint Program Office for Special Technical Countermeasures |
| JTF-CNO | Joint Task Force – Computer Network Operations |
| JWICS | Joint Worldwide Intelligence Communications System |
| JWID | Joint Warrior Interoperability Demonstration |
| kHz | Kilohertz |
| KMI | Key Management Infrastructure |
| KS | Knowledge Service |
| LAN | Local Area Network |
| LE | Law Enforcement |
| LE/CI | Law Enforcement and Counterintelligence |
| LEA | Law Enforcement Agency |
| MA | Mission Area |
| MB | Megabyte(s) |
| MCDES | Malicious Code Detection and Eradication System |
| MFA | Multi-factor Authentication |
| MITRE® ATT&CK | MITRE Adversarial Tactics, Techniques, and Common Knowledge |
| MLS WG | Multilevel Security Working Group |
| MOA | Memorandum of Agreement |
| MOU | Memorandum of Understanding |
| MSP | Managed Service Provider |
| NA | Not Applicable |
| NC | Non-Compliant |
| NCSAM | National Cybersecurity Awareness Month |
| NGFW | Next-generation Firewall |
| NIAC | National Infrastructure Assurance Council |
| NICCS | National Initiative for Cybersecurity Careers and Studies |
| NICE | National Institute for Cybersecurity Education |
| NID | Network Intrusion Detector |
| NII | National Information Infrastructure |
| NIPC | National Infrastructure Protection Center |
| NIPRNet | Non-Classified Internet Protocol Router Network |
| NIST | National Institute of Standards and Technology |
| NITB | National INFOSEC Technical baseline |
| NOC | Network Operating Centers |
| NOSC | Network Operation Security Center |
| NS/EP | National Security and Emergency Preparedness |
| NSA | National Security Agency |
| NSA/CSS | National Security Agency/Central Security Service |
| NSD | National Security Directive |
| NSIRC | National Security Incident Response Center |
| NSOC | National Security Operations Center |
| NSS | National Security System |
| NSTAC | National Security Telecommunication Advisory Committee |
| NSTISSC | National Security Telecommunications and Information Systems Security Committee |
| NSTISSI | National Security Telecommunications and Information Systems Security Instruction |
| NSU | Non-Standard Usage |
| OPSEC | Operations Security |
| OSI model | Open Systems Interconnection model |
| OSINT | Open Source Intelligence |
| OT&E | Operational Test and Evaluation |
| PaaS | Platform as a Service |
| PAO | Principal Authorizing Official |
| PCI-DSS | Payment Card Industry Data Security Standard |
| PGP | Pretty Good Privacy |
| PIA | Privacy Impact Assessment |
| PII | Personally Identifiable Information |
| PIN | Personal Identification Number |
| PIT | Platform Information Technology |
| PKI | Public Key Infrastructure |
| PM | Program Manager or Project Manager |
| PM/SM | Program Manager/System Manager |
| POA&M | Plan of Action and Milestones |
| POM | Program Objective Memorandum |
| PPP | Program Protection Plan |
| PPS | Internet Protocol Suite and Associated Ports |
| PPSM | Ports, Protocols, and Services Management |
| PPTP | Point-to-Point Tunneling Protocol |
| RAM | Random Access Memory |
| RASP | Runtime Application Self-Protection |
| RBAC | Role-based Access Control |
| RCE | Remote Code Execution |
| RCERTs | Regional Computer Emergency Response Teams |
| RDT&E | Research, Development, Test and Evaluation |
| RF | Radio Frequency |
| RMF | Risk Management Framework |
| ROSC | Regional Operations and Security Center |
| RT&E | Research, Test, and Evaluation |
| SaaS | Software as a Service |
| SABI | Secret and Below Interoperability |
| SABI WG | Secret and Below Interoperability Working Group |
| SANS | Sysadmin, Audit, Network and Security |
| SAP | Special Access Program |
| SAR | Security Assessment Report |
| SATAN | Systems Administrators’ Tool for Assessing Networks |
| SBU | Sensitive-But-Unclassified |
| SCA | Security Control Assessor |
| SCAP | Security Content Automation Protocol |
| SCG | Security Configuration Guide |
| SCI | Sensitive Compartment Information |
| SET | Secure Encrypted Transaction |
| SIEM | Security Information and Events Management |
| SIO | Special Information Operations |
| SIPRNet | Secret Internet Protocol Router Network |
| SISO | Senior Information Security Officer |
| SITR | Secret Internet Protocol Router Network Information Technology Registry |
| SLA | Service-Level Agreement |
| SM | System Manager |
| SNAP | Systems/Networks Approval Process |
| SOC | Security Operations Center |
| SP | Special Publication |
| SPB | Security Policy Board |
| SQLi | Structured Query Language Injection |
| SRG | Security Requirements Guide |
| SSAA | Systems Security Authorization Agreement |
| SSE | System Security Engineering |
| SSL | Secure Socket Layer |
| SSO | Single sign-on |
| STIGs | Security Technical Implementation Guides |
| Sysadmin | System Administrator |
| T&E | Test and Evaluation |
| TAG | Technical Advisory Group |
| TB | Terabyte(s) |
| TCP/IP model | Transmission Control Protocol/Internet Protocol |
| THREATCON | Threat Condition |
| TPM | Trusted Platform Module |
| TRANSEC | Transmission Security |
| TRMC | Test Resource Management Center |
| TSN | Trusted Systems and Networks |
| TTP | Tactics, Techniques and Procedures |
| UBA | User Behavior Analytics |
| VAAP | Vulnerability and Assessment Program |
| VAS | Vulnerability Assessment System |
| VPN | Virtual Private Network |
| WAP | Wireless Application Protocol |
| WAS | Web Application Security |
| XSS | Cross-site Scripting |
| ZTNA | Zero Trust Network Access |
