| ACRONYM | TERM | SUMMARY |
|---|---|---|
| A&A | Assessment and Authorization | The A&A process is a comprehensive assessment and/or evaluation of an information system's policies, technical and non-technical security components, documentation, supplemental safeguards, and vulnerabilities. |
| AAA | Authentication, Authorization, and Accounting | AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. |
| AAR | After Action Report | The final product of a test, training, or exercise event. The AAR summarizes key information related to the evaluation of the event and includes an overview of performance related to each exercise objective and associated core capabilities, while highlighting strengths and areas for improvement. |
| AC | Access Control | Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. |
| ACAS | Assured Compliance Assessment Solution | Assured Compliance Assessment Solution (ACAS) is a set of information security software tools used for vulnerability scanning and risk assessment by agencies of the United States Department of Defense (DoD). It performs automated vulnerability scanning and device configuration assessment. |
| AD | Active Directory | Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information. |
| ADLS | Advanced Distributed Learning Service | The Advanced Distributed Learning (ADL) Initiative is a US government program that conducts research and development on distributed learning and coordinates related efforts broadly across public and private organizations. |
| ADP | Automated Data Processing | Automated data processing is the creation and implementation of technology that automatically processes data. This technology includes computers and other communications electronics that can gather, store, manipulate, prepare, and distribute data. |
| AI | Administrative Instruction | Administrative instructions or administrative directions are issued by a higher authority to a lower authority, directing how certain discretionary powers are to be exercised by the executive. |
| AIS | Automated Information System | An Automated Information System (AIS) is a system of computer hardware, computer software, data, and/or telecommunications that performs functions such as collecting, processing, storing, transmitting, and displaying information. |
| AR | Accountability, Audit and Risk Management | Audit and accountability addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance, along with the identification and evaluation of risks to organizational objectives. |
| ASAP | As Soon As Possible | As quickly as you can; as fast as possible; immediately, once you become available. |
| AT | Awareness and Training | In cybersecurity, awareness training is a program designed to help users and employees understand the role they play in helping to combat information security breaches. Awareness training helps employees understand risks and identify potential attacks they may encounter as they receive email and use the web. |
| AU | Audit and Accountability | Audit and accountability addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. |
| BDA | Battlefield Damage Assessment | BDA is the timely and accurate estimate of damage against a predetermined target (enemy weapon systems, personnel, or capabilities) caused by lethal or non-lethal military force. BDA is more than counting the number of casualties or pieces of equipment destroyed. |
| CA | Certificate Authority / Security Assessment and Authorization | A certificate authority (CA) is an organization that validates identities and binds them to cryptographic key pairs with digital certificates. |
| CAC | Common Access Card | The CAC, a "smart" card about the size of a credit card, is the standard identification for active duty uniformed Service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to DoD computer networks and systems. |
| CAT | Category | A "risk" category is a group of potential causes of risk. Categories allow you to group individual project risks for evaluating and responding to risks, e.g., CAT 1, CAT 2, CAT 3. |
| CCB | Change Control Board | The review body with authority for approving changes that are consistent with the project's baseline performance requirements, budgeted cost, and schedule. It plays a critical role in managing change to the project's baseline and ensuring prospective changes are clearly defined, appropriate, and within the cost, schedule, and performance parameters. |
| CCI | Control Correlation Identifiers | Provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. |
| CD | Compact Disc | A small plastic disc on which music or other digital information is stored, and from which the information can be read using reflected laser light. |
| CDSE | Center for Development of Security Excellence | Established in 2010, the Center for Development of Security Excellence (CDSE) is the premier provider of security training, education, and certification for the Department of Defense, federal government, and cleared contractors under the National Industrial Security Program (NISP). |
| CIO | Chief Information Officer | A CIO is a high-ranking executive responsible for managing and successfully implementing the information and computer technology systems of a company. |
| CM | Configuration Management | Configuration Management is the process of maintaining systems, such as computer hardware and software, in a desired state. Configuration Management (CM) is also a method of ensuring that systems perform in a manner consistent with expectations over time. |
| CNSS | Committee on National Security Systems | The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of US national security systems. The CIA triad (data confidentiality, data integrity, and data availability) comprises the three main security goals of CNSS. |
| CNSSI | Committee on National Security Systems Instruction | The Committee on National Security Systems Instruction (CNSSI), Security Categorization and Control Selection for National Security Systems, provides all federal government departments, agencies, bureaus, and offices with guidance for the security categorization of National Security Systems (NSS) that collect, generate, process, store, display, transmit, or receive National Security Information. |
| COA | Course Of Action | A plan; a set of intended actions through which one intends to achieve a goal. |
| COOP | Continuity of Operations | Continuity of Operations Planning (COOP) is the effort within individual agencies to ensure they can continue to perform their mission essential functions during a wide range of emergencies. |
| CPO | Chief Privacy Officer | The Chief Privacy Officer (CPO) is a senior-level executive within a growing number of global corporations, public agencies, and other organizations, responsible for managing risks related to information privacy laws and regulations. |
| CSD | Cyber Security Division | Its mission is to defend and secure cyberspace by leading national efforts to drive and enable effective national cyber defense, resilience of national critical functions, and a robust technology ecosystem. |
| CSO | Cyber Security Operations | Security operations, also known as SecOps, refers to a business combining internal information security and IT operations practices to improve collaboration and reduce risks. SecOps is a set of security operations center (SOC) processes to improve the security posture of an organization. |
| CSSP | Cybersecurity Service Provider | A CSSP is a third-party organization that provides security services for a company to secure its assets against potential cyber security threats. |
| CTO | Certificate to Operate | Certificate of Operation means approval has been given by an approved jurisdiction, indicating that the inspection has been completed and authorization has been given to operate. |
| DAA | Designated Approving Authority | Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. Rationale: the term has been replaced by the term "authorizing official". |
| DCO | Data Center Operations | Data center operations comprise the systems and workflows within a data center that keep the data center running. Data center operations include installing and maintaining network resources, ensuring data center security, and monitoring systems that take care of power and cooling. |
| DD | Directives Division | The DoD Directives Division administers and operates the DoD Issuances Program, the DoD Information Collections Program, the DoD Forms Management Program, and the DoD Plain Language Program for the Office of the Secretary of Defense. |
| DI | Data Quality and Integrity | While data quality refers to whether data is reliable and accurate, data integrity goes beyond data quality. Data integrity requires that data be complete, accurate, consistent, and in context. Data integrity is what makes the data actually useful to its owner. |
| DISA | Defense Information Systems Agency | The Defense Information Systems Agency (DISA) is a combat support agency responsible for engineering and providing command and control (C2) capabilities and enterprise infrastructure, continuously operating and assuring a global net-centric enterprise in direct support of joint warfighters, national-level leaders, and other mission and coalition partners across the full spectrum of operations. |
| DLP | Data Loss Prevention | Data loss prevention is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It can help your organization monitor and protect sensitive information across on-premises systems, cloud-based locations, and endpoint devices. |
| DMZ | Demilitarized Zone | A "demilitarized zone" is an area, agreed upon between the parties to an armed conflict, which cannot be occupied or used for military purposes by any party to the conflict. |
| DoD | Department of Defense | The Department of Defense is responsible for providing the military forces needed to deter war and protect the security of our country. The major elements of these forces are the Army, Navy, Marine Corps, and Air Force. |
| DTM | Directive-Type Memorandum | One of several forms of a DoD Issuance (e.g., DoD Directives (DoDDs), DoD Manuals, DoD Instructions (DoDIs)) used to issue, change, or cancel DoD policy. DTMs are usually issued when time constraints mandate such an action. |
| DVD | Digital Video Disc | A Digital Video Disc (DVD) has the same shape and size as a CD, but with a higher density that gives the option for data to be double-sided and/or double-layered. |
| eMASS | Enterprise Mission Assurance Support Service | |
| EST | Eastern Standard Time | |
| ESXI | Elastic Sky X Integrated | |
| FIP | Federal Information Processing | |
| FIPS | Federal Information Processing Standards | |
| FISMA | Federal Information Security Modernization Act | |
| FOIA | Freedom of Information Act | |
| GPO | Enterprise Group Policy Object | |
| HBSS | Host Based Security System | |
| HIPAA | Health Insurance Portability and Accountability Act | |
| HIT | Health Information Technology | |
| HPNA | Hewlett-Packard Network Automation | |
| HTTPS | Hyper Text Transfer Protocol Secure | |
| IA | Information Assurance | |
| IA | Identification and Authentication (plan) | |
| IAM | Information Assurance Manager | |
| IAPC | Information Assurance Protection Center | |
| IAVA | Information Assurance Vulnerability Alert | |
| IAW | In Accordance With | |
| IC | Incident Commander | |
| ID | Identification | |
| IO | Information Owners | |
| IP | Internet Protocol / Individual Participation and Redress | |
| IPS | Intrusion Prevention System | |
| IR | Incident Response | |
| IRP | Incident Response Plan | |
| IS | Information System | |
| ISSM | Information System Security Manager | |
| ISSO | Information System Security Officer | |
| IT | Information Technology | |
| JIMS | Joint Incident Management System | |
| JKO | Joint Knowledge Online | |
| JLLIS | Joint Lessons Learned Information System | |
| JMC | Joint Malware Catalog | |
| LE | Law Enforcement | |
| MA | Maintenance | |
| MCD | Mission Control Desktop | |
| MHS | Military Health System | |
| MP | Media Protection | |
| MTS | Movement Tracking System | |
| NA | Not Applicable | |
| NACI | National Agency Check with Written Inquiries | |
| NCSC | National Computer Security Center | |
| NDA | Non-Disclosure Agreement | |
| NIPRNET | Non-Secure Internet Protocol Router Network | |
| NIST | National Institute of Standards and Technology | |
| NOC | Network Operating Center | |
| NSA | National Security Agency | |
| NSC | Network Service Centers | |
| NSS | National Security System | |
| OMB | Office of Management and Budget | |
| OPORD | Operation Orders | |
| OS | Operating System | |
| OSS | Open Source Software | |
| OTP | One-Time Password | |
| PC | Personal Computer | |
| PE | Physical And Environmental | |
| PHI | Protected Health Information | |
| PII | Personally Identifiable Information | |
| PIN | Personal Identification Number | |
| PIV | Personal Identity Verification | |
| PKI | Public Key Infrastructure | |
| PPS | Ports, Protocols, and Services | |
| PS | Personnel Security | |
| RAM | Random-Access Memory | |
| RIA | Rich Internet Applications | |
| RMF | Risk Management Framework | |
| SA | System Administrators / System and Services Acquisition | |
| SAAR | System Authorization Access Request | |
| SAN | Storage Area Network | |
| SAOP | Senior Agency Official for Privacy | |
| SBU | Sensitive but Unclassified | |
| SCA | Security Control Authority | |
| SCAP | Security Content Automation Protocol | |
| SIPRNET | Secret Internet Protocol Router Network | |
| SORN | System of Records Notices | |
| SP | Special Publication | |
| SQL | Structured Query Language | |
| SSH | Secure Shell | |
| SSP | System Security Plan | |
| STIG | Security Technical Implementation Guide | |
| SYS | System | |
| TI | Technical Impact | |
| TR | Transparency | |
| US | United States | |
| USAF | United States Air Force | |
| USC | United States Code | |
| USCYBERCOM | United States Cyber Command | |
| VPN | Virtual Private Network | |