Acronyms and Abbreviations
Selected acronyms and abbreviations used in this paper are defined below.
| AC | Access Control |
| AES | Advanced Encryption Standard |
| AO | Authorizing Official |
| APT | Advanced Persistent Threat |
| AT | Awareness and Training |
| AU | Audit and Accountability |
| BYOD | Bring Your Own Device |
| CA | Security Assessment and Authorization |
| CAP | Cross Agency Priority |
| CC | Common Criteria |
| CEO | Chief Executive Officer |
| CIO | Chief Information Officer |
| CISO | Chief Information Security Officer |
| CKMS | Cryptographic Key Management System |
| CM | Configuration Management |
| CMVP | Cryptographic Module Validation Program |
| CNSSI | Committee on National Security Systems Instruction |
| COOP | Continuity of Operations Plan |
| COTS | Commercial Off The Shelf |
| CP | Contingency Planning |
| CSP | Cloud Service Provider |
| CSRC | Computer Security Resource Center |
| CUI | Controlled Unclassified Information |
| DHS | Department of Homeland Security |
| DRP | Disaster Recovery Plan |
| FIPS | Federal Information Processing Standard |
| FIRMR | Federal Resource Management Regulation |
| FIRST | Forum for Incident Response Teams |
| FISMA 2002 | Federal Information Security Management Act |
| FISMA 2014 | Federal Information Security Modernization Act |
| FOIA | Freedom of Information Act |
| HTTP | Hypertext Transfer Protocol |
| IA | Identification and Authentication |
| ICS | Industrial Control System |
| ICT | Information and Communications Technology |
| IDS | Intrusion Detection System |
| IP | Individual Privacy |
| IR | Incident Response |
| IRM | Information Resource Management |
| ISAC | Information Sharing and Analysis Center |
| ISCM | Information Security Continuous Monitoring |
| ISO | International Organization for Standardization |
| IT | Information Technology |
| ITL | Information Technology Laboratory |
| MA | Maintenance |
| MAC | Message Authentication Code |
| MP | Media Protection |
| NARA | National Archives and Records Administration |
| NIST | National Institute of Standards and Technology |
| NVD | National Vulnerability Database |
| OMB | Office of Management and Budget |
| P.L. | Public Law |
| PA | Personal Authorization |
| PBX | Private Branch Exchange |
| PE | Physical and Environmental Protection |
| PGP | Pretty Good Privacy |
| PII | Personally Identifiable Information |
| PIN | Personal Identification Number |
| PKI | Public Key Infrastructure |
| PL | Planning |
| PM | Project Management |
| PS | Personnel Security |
| RA | Risk Assessment |
| RAID | Redundant Array of Independent Disks |
| RMF | Risk Management Framework |
| S/MIME | Secure/Multipurpose Internet Mail Extensions |
| SA | Systems and Services Acquisition |
| SAISO | Senior Agency Information Security Officer |
| SAOP | Senior Agency Official for Privacy |
| SC | System and Communications Protection |
| SCP | System Contingency Plan |
| SI | System and Information Protection |
| SP | Special Publication |
| SSE | System Security Engineer |
| SSO | System Security Officer |
| SSP | System Security Plan |
| TCB | Trusted Computing Base |