Acronyms

It’s often difficult to know the context of an acronym. So here are all 900+ in one page to cover Business, Finance, Marketing as well as: AI/Quantum IT, Security, Networking, Amazon, Azure, GCP, OMG!

Overview

#
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Other Glossaries provide definitions:
More about Security

NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

#

2FA = Two-Factor Authentication (MFA)
2SA = Two-Step Authentication
3DES = Triple Digital Encryption Standard
5IR = Fifth Industrial Revolution

A

a11y = accessibility (numeronym of 11 letters between a and y)
AAC = Azure Architecture Center (Microsoft)
AAI = Autonomous Agent Interface (operating system instead of CLI or GUI)
ABAC = Attribute-Based Access Control
ABI = Application Binary Interface (on Apple operating systems)
AC = Alternating Current (as in electrical wall plugs)
ACI = Azure Container Instance (Microsoft)
ACL = Access Control List (defines CRUD permissions for an identity)
ACM = AWS Certificate Manager (Amazon)
ACR = Azure Container Registry (substitute for GitHub within Microsoft Azure cloud)
ACS = Azure Communication Service (to send emails)
AD = Active Directory (Microsoft’s branding for technologies that control access by users and groups)
ADC = Analog to Digital Converter
ADC = AWS Direct Connect (Amazon)
ADE = Automated Device Enrollment (Microsoft 365 Intune auto configuration of macOS)
ADF = Azure Data Factory (part of Microsoft Fabric)
ADLS = Azure Data Lake Storage (Microsoft cloud Fabric storage)
AEAD = Authenticated Encryption with Associated Data (cipher used in TLS)
AES = Advanced Encryption Standard (symmetric encryption algorithm)
AFAIK = As Far As I Know (internet slang)
AFK = Away From Keyboard (gamer slang)
AFR = Annual Failure Rate
AGI = Artificial General Intelligence
AHOD = All Hands On Deck
AI = Artificial Intelligence
AIB = Azure Image Builder (to run within Azure VMs)
AIS = Automated Indicator Sharing (of threats, from cisa.gov)
AICPA = Association of International Certified Professional Accountants
AISIC = AI Safety Institute Consortium
AJAX = Asynchronous Javascript and XML
AKA = Also Known As (common vernacular)
AKE = Authenticated Key Exchange
AKS = Azure Kubernetes Service (Microsoft)
AKV = Azure Key Vault
ALB = Application Load Balancer (Amazon)
ALE = Annualized Loss Expectancy
ALEER = Adopt Land Ex pand Extend Renew
ALM = Application Lifecycle Management (all that goes into managing building and maintaining software applications)
ALZ = Azure Landing Zones (Microsoft)
AM = Account Manager
AMA = Ask Me Anything (slang)
AMA = Azure Marketplace Application (such as HashiCorp Consul Service)
AMA = Azure Monitoring Agent (Microsoft)
AMBA = Azure Monitor Baseline Alerts (Microsoft)
AMI = Amazon Machine Image (Amazon and Azure image containing operating system and apps)
AMO = Atomic, Molecular, and Optical physics (Quantum IT)
AMQP = Advanced Message Queuing Protocol
AMSI = Antimalware Scan Interface (Windows logging mechanism)
AMZN = (Amazon corporation stock market symbol and URL shortener host name)
AO = Authorizing Official (in RMF)
API = Application Programming Interface
APJ = Asia + Pacific + Japan
APM = Application Performance Monitoring
APT = Advanced Persistent Threat
ARG = Azure Resource Graph (of Microsoft Container Registry)
ARM = Advanced RISC Machine (type of computer chip)
ARM = Azure Resource Manager (Microsoft)
ARN = Amazon Resource Name (Amazon)
ARO = Annual Rate of Occurrence
ARP = Address Resolution Protocol (Networking)
ARR = Annual Recurring Revenue
ASAP = As Soon As Possible (slang)
ASB = Azure Security Benchmarks (Microsoft)
ASC = Azure Security Center (Microsoft)
ASG = Auto Scaling Group (AWS)
ASG = Application Security Group (Azure)
ASI = Artificial Super-Intelligence (sentient prioritizing of its own needs and desires)
ASIC = Application-Specific Integrated Circuit
ASIM = Advanced Security Information Model (schemas by Microsoft Sentinel)
ASM = AWS Secrets Manager (Amazon)
ASN = Autonomous System Number (AWS unique endpoint identifier)
ASO = Application Security Orchestration and Correlation (integrated security tools and processes)
ASOC = Azure Service Operator
ASPM = Application Security Posture Management
ASR = Automated System Recovery
ATA = Advanced Threat Analytics (Microsoft)
ATARC = Advanced Technology Academic Research Center (non-profit collaborative forum on emerging technology challenges like zero trust)
ATO = Authority To Operate (FEDRAMP designation for production-ready state)
AUP = Acceptable Use Policy (for using company assets)
AuthN = Authentication (contraction)
AuthZ = Authorization (contraction)
AVM = Azure Verified Module (meets standards for good IaC)
AWS = Amazon Web Services (cloud services provider)
AZ = Availability Zone

B

B2B = Business to Business (marketing)
B2C = Business to Consumer (marketing)
BANT = Budget + Authority + Need + Timeframe (framework for buyer readiness)
BAU = Business Administration Unit
BAU = Business As Usual (pejorative slang)
BBS = BitBucket Server (self-managed edition of BitBucket source version manager from Atlassian)
BCDR = Business Continuity and Disaster Recovery
BCP = Business Continuity Plan
BDM = Business Decision Maker
BDR = Business Development Representative
BEC = Business Email Compromise (spoofing emails to impersonate managers, vendors, customers, govt)
BERT = Bidirectional Encoder Representations from Transformers (Google GenAI)
BFLA = Broken Function Level Authorization
BFP = Bi-Directional Forwarding Detection (networking)
BGP = Border Gateway Protocol (networking)
BHAG = Big Hairy Audacious Goal
BIA = Business Impact Assessment
BIOS = Basic Input Output System
BKM = Best Known Method
BLE = Bluetooth Low Energy
BLF = Business Logic Flaw
BOD = Board of Directors
BOLA = Broken Object Level Authorization
BOPLA = Broken Object Property Level Authorization
BOM = Bill of Material
BPCS = Basic Process Control System (responsible for process control and monitoring of the industrial infrastructure)
BPMN = Business Process Model Notation
BPT = Business Process Technology (OutSystems workflow engine)
BRB = Be Right Back (internet slang)
BRM = Business Requirements Management
BSI = Business-Sensitive Informatioin (used in TPM)
BSM = Basic Security Module (used in TPM)
BSON = Binary JSON (used only within MongoDB)
BTP = Behavioral Threat Protection
BTP = Business Technology Platform (previously SAP Cloud Platform)
BTW = By The Way (internet slang)
BU = Business Unit
BVA = Business Value Assessment
BYOD = Bring Your Own Device
BYOK = Bring Your Own Key
BYOIP = Bring Your Own IP address
BYOK = Bring Your Own Key

C

C2 = Command and Control
C&C = Command and Control
C2E = Commercial Cloud Enterprise
C2PA = Coalition for Content Provenance and Authenticity (c2pa.org)
CA = Certificate Authority (issues cryptographic certificates)
CaaS = Container as a Service (such as AWS ECS or Azure AKS or Docker Cloud)
CaC = Configuration as Code
CAF = Cloud Adoption Framework (multi-cloud)
CAGR = Compound Annual Growth Rate
CAI = Cloud Asset Inventory (Google)
CAIQ = Consensus Assessments Initiative Questionnaire
CAM = Corporate Account Manager (role)
CARML = Common Azure Resource Modules Library (Open Source project)
CAP = Common Alerting Protocol (XEP-127)
CAP = Cybersecurity Assessment Plan (FISMA)
CAPEX = Capital Expenditures (impacts Asset Balance Statements and can be amortized over time)
CAPTCHA = Completely Automated Public Turing (test) to tell Computers and Humans Apart
CASB = Cloud Access Security Broker (provides IAM services to mediate cloud service access)
CBC = Cipher Block Chaining (used by AES openssl encryption)
CBK = Common Body of Knowledge
CCB = Change Control Board (organization)
CCE = Critical Customer Escalation
CCM = Cloud Controls Matrix (from CSA)
CCM = Continuous Controls Monitoring
CCM = Customer Communications Management
CCMP = Cipher block Chaining Message authentication code Protocol (AES-based encryption mode with strong security)
CCP = Common Control Provider (per RMF)
CCP = Crisis Communication Plan
CCS = Complete Corresponding Source (code)
CCTV = Closed-circuit TeleVision
CD = Continuous Deployment (into Production for Productive use)
CDK = Cloud Development Kit (AWS)
CDM = Common Data Model (Microsoft Dataverse for their Power apps)
CDM = Continuous Diagnostics and Mitigation
CDN = Content Delivery Network (Amazon)
CDPI = Control Data-Plane Interface (between SDN Datapath and Controller)
CE = Community Edition
CEO = Chief Executive Officer
CF = CloudFormation (AWS IaC)
CFAA = Computer Fraud & Abuse Act (of 1986)
CfCT = Customizations for Control Tower (Amazon)
CFS = Completely Fair Scheduler (Kubernetes CPU allocation among cgroups)
CFT = Cloud Foundation Toolkit (Google Forseti Config Validator managed by Scorecard CLI utility)
CFT = CloudFormation Templates (Amazon)
CG = Customer Gateway
CI = Continuous Integration
CIAN = Customer Identity and Access Management
CIDR = Classless Inter-Domain Routing (networking)
CIEM = Cloud Infrastructure and Entitlement Management (invented by Gartner)
CIM = Common Information Model (Splunk)
CIP = Critical Infrastructure Protection (plan)
CIRP = Cyber Incident Response Plan
CIS = Center for Internet Security
CISA = Cybersecurity and Infrastructure Security Agency (US government organization)
CISO = Chief Information Security Officer
CKL = Compromised Key List
CKMS = Cryptographic Key Management System
CLI = Command Line Interface (used to run Linux shell scripts)
CLU = Conversational Language Understanding (Azure AI Language)
CMDB = Configuration Management Database (ITIL term for where all aspects of the system is defined)
CMK = Customer-Managed Key (for encryption)
CMP = Cloud Management Platform (for easier use of multiple clouds)
CN = Common Name (a human-readable name of the subject in certificates)
CNAME = Canonical Name Record (DNS)
CNI = Container Network Interface (Kubernetes)
CNN = Convolutional Neural Networks (Machine Learning)
CNSS = Committee on National Security Systems
COGS = Cost of Goods Sold (Financial Accounting)
COMINT = Command Intelligence (from intercepted SIGINT)
COOP = Continuity of Operations (plan)
CORS = Cross-Origin Resource Sharing (used by browsers to allow web apps to access resources from other origins)
COSO = Committee of Sponsoring Organization (of the Treadway Commission)
COTS = Commercial Off-The-Shelf (Software vs. custom-built)
CPA = Certified Public Accountant
CPIC = Capital Planning Investment Controls
CPS = Customer Profitability Score
CPRA = California Privacy Rights Act
CPSM = Cloud Security Posture Management
CPU = Central Processing Unit
CQL = Cassandra Query Language
CRA = Cyber Resilience Act (EU security law that requires companies to report breaches and puts liability on software flaws)
CRD = Custom Resource Definition (Extends Kubernetes API)
CRDTs = Conflict-free Replicated Data Types (resolves concurrent changes in collaborative apps)
CRI = Container Runtime Interface (Kubernetes)
CRR = Cross-Region Replication
CRL = Certificate Revocation List
CRM = Customer Relationship Management
CRR = Cross-Region Replication (AWS S3 capability)
CRR = Cyber Resilience Review (defined by DHS)
CRT = Common Release Tooling (built on top of GitHub Actions CI/CD)
CRUD = Create Read Update Delete (basic operations)
CS = Customer Success (organization)
CSA = Cloud Security Alliance
CSAF = Common Security Advisory Framework (defined by OASIS)
CSB = Cloud Service Broker
CSC = Cloud Service Customer
CSC = Critical Security Controls
CSE = Customer Success Engineer
CSF = Cyber Security Framework (NIST ISO 27018)
CSI = Container Storage Interface (Kubernetes)
CSIRC = Computer Incident Response Center
CSIRT = Computer Incident Response Team
CSM = Customer Success Manager
CSO = Cloud Security Officer
CSP = Cloud Service Provider
CSP = Content Security Policy (defines which origins browsers are allowed to load resources)
CSP = Cryptographic Service Provider
CSPM = Cloud Security Posture Management (Azure Defender, Palo Alto Prisma Cloud, Qualys CloudView, Trend Micro Cloud One Conformity)
CSQL = Customer Success Qualified Lead (HashiCorp internal term)
CSR = Certificate Signing Request
CSRF = Cross-Site Request Forgery
CTA = Call To Action (marketing)
CTAP = Client To Authenticator Protocol
CTF = Capture The Flag (in a cybersecurity tournament)
CTF = Cyber Threat Framework
CTI = Cyber Threat Intelligence
CTO = Chief Technology Officer
CTS = Consul-Terraform Sync (HashiCorp product)
CVD = Color Vision Deficiency (aka Color Blindness)
CVE = Common Vulnerabilities and Exposures (identified through the US CISA database)
CVRF = Common Vulnerability Reporting Framework (defined by OASIS)
CVSS = Common Vulnerability Scoring System
CWE = Common Weakness Enumerations (known in programming source code)
CWPP = Cloud Workload Protection Platform (Microsoft, Palo Alto)

D

DaaS = Data as a Service
DA = Developer Advocate
DAC = Discretionary Access Control (for Security)
DAG = Directed Acyclic Graph
DAO = Decentralized Autonomous Organization
DART = Detection and Response Team (Microsoft)
DAX = Data Analysis Expressions (Microsoft formula language)
DAX = DynamoDB Accelerator (Amazon)
DB = Database
DBMS = DataBase Management System
DC = Data Center (in the context of Consul - a set of Consul nodes within a region)
DC = Domain Controller (Microsoft server that authenticates user identities and authorizes their access to resources)
DCAP = Data-Centric Audit Protection
DCL = Data Control Language (to GRANT, REVOKE SQL data)
DDD = Domain Driven Design
DDL = Data Definition Language (to CREATE, ALTER, DROP SQL data)
DDoS = Distributed Denial of Service Attack
DDPM = Denoising Diffusion Probabilistic Models (Generative AI)
DEI = Diversity + Equity + Inclusion
DEK = Data Encryption Key (secret generated from Customer Managed keys to protect data)
DES = Digital Encryption Standard (56 bits)
DEX = Decentralized Exchanges (Blockchain)
DFC = Distributed Fragments Cryptography (by AKeyless.io)
DFIR = Digital Forensics and Incident Response
DGO = Data Governance Organization/Officer (for security)
DHCP = Dynamic Host Configuration Protocol (automatically assigns IP addresses to devices on a network)
DHS = Department of Homeland Security (US government organization)
DIR = Detection and Incident Response (security workflow)
DKIM = DomainKeys Identified Mail (provides public keys for signing of emails to prevent spoofing)
DLP = Data Loss Prevention
DMARC = Domain-based Message Authentication Reporting and Conformance (policies about what to do when SPF and DKIM fails)
DMCA = Digital Millennium Copyright Act
DML = Data Manipulation Language (to INSERT, UPDATE, DELETE SQL data)
DMS = Database Migration Service (AWS & Microsoft Azure)
DMZ = Demilitarized Zone (networking)
DMV = Dynamic management views (Microsoft SQL query lifecycle insights monitoring)
DNC = Do Not Connect
DNS = Domain Name Service (networking
DoD = Definition of Done
DOD = Department of Defense (US government organization)
DODAF = Department of Defense Architecture Framework
DoR = Definition of Ready
DPIA = Data Protection Impact Assessment (required by EU GDPR)
DPL = Data Protection Officer (job role required by GDPR)
DQL = Data Query Language (to SELECT SQL data)
DR = Disaster Recovery
DRI = Directly Responsible Individual (Coined by Apple for the person to make sure that a task is completed)
DRP = Disaster Recovery Plan (to transition from alternative business processes back to regular processes.)
DRPO = Defense Research & Development Organization
DRY = Don’t Repeat Yourself
DRDoS = Distributed Reflection Denial-of-Service
DSC = Digital Signature Algorithm (algorithm for signatures)
DSC = Desired State Configuration (declarative DevOps)
DSL = Domain-Specific Language (used to control Apache Kafka stream processing)
DSL = Domain-Specific Language (used to control Apache Kafka stream processing)
DSSE = Dead Simple Signing Envelope (signing methods and formats used by Secure Systems Lab)
DSSS = Direct-Sequence Spread Spectrum
DTLS = Datagram Transport Layer Security
DUT = Device Under Test
DWaaS = Data Warehouse as a Service
DWBH = Don’t Worry Be Happy (internet slang)
DX = Developer eXperience

E

E2E = End-to-End
E2EE = End-to-End Encryption
EA = Enterprise Architect
EAL = Evaluation Assurance Level (1-7 of Common Criteria)
EAM = Externalized Authorization Management
EAP = Extensible Authentication Protocol (a framework for port-based access control that uses the same three primary components that are used in the RADIUS standard)
EAR = Export Administration Regulations (US)
EBS = Elastic Block Storage (Amazon)
ECDSA = Elliptic Curve Digital Signature Algorithm (algorithm for signatures)
ECU = Electronic Control Unit (Embedded system in autos)
EDA = Exploratory Data Analysis (Microsoft MLOps)
EDR = Endpoint Detection and Response (security)
EDI = Electronic Data Interchange
EE = Enterprise Edition
EIN = Employer Identification Number
EC2 = Elastic Cloud Compute (AWS)
ECR = Elastic Container Registry (Amazon service)
ECS = Elastic Container Service (Amazon service)
ECU = EC2 compute unit (Amazon)
EDA = Event Driven Architecture (Serverless)
EDM = External Dependency Management (NIST)
EDPB = European Data Protection Board (EU GDPR)
EDR = Endpoint Detection and Remediation
EFA = Elastic Fabric Adapter (AWS)
EFF = Electronic Frontier Foundation
EFS = Elastic File System (Amazon file storage service for EC2 instances)
EFT = Electronic Funds Transfer
EiB = Exbibyte (exa binary byte)
EIP = Elastic IP
ELA = Enterprise License Agreement
ELB = Elastic Load Balancer (AWS)
EMR = Elastic Map Reduce (AWS)
EKM = Extensible Key Management (HashiCorp Vault feature)
EKS = Elastic Kubernetes Service (AWS)
ELB = Elastic Load Balancer
ELT = Extract Load Transform
EMEA = Europe + Middle East + Africa
EMI = Electro-Magnetic Interference
EMP = Electro-Magnetic Pulse
EMR = Elastic Map Reduce (AWS ETL)
EMRFS = EMRFS (on AWS S3 encryption at rest)
ENA = Enhanced Networking Adapter (in AWS EC2 AMI instances)
ENI = Elastic Network Interface (AWS)
EPS = Earnings Per Share
ETL = Extract Transform and Load
EOQ = End of Quarter
EOM = End of Month
EO = Executive Order (from US White House)
EOP = Exchange Online Protection (Microsoft)
EOY = End of Year
EPSS = Exploit Prediction Scoring System (to predict the likelihood of a vulnerability being exploited)
ERM = Enterprise Risk Management
ERP = Enterprise Resource Planning (SAP does this)
ETDR = Endpoint Threat Detection and Response (security)
ETW = Event Tracing for Windows (Microsoft EventPipe)
EU = European Union
EV = Extended Validation (certificate)

F

FaaS = Functions as a Service
FAQ = Frequently Asked Questions
FBL = Feedback Loop
FCEB = Federal Civilian Executive Branch (US government departments and agencies)
FCI = Failover Cluster Instance (Microsoft SQL Server)
FDE = Full Disk Encryption
FEA = Federal Enterprise Architecture (by OMB)
FEDRAMP = Federal Risk and Authorization Management Program
FGAC = Fine-grained Access Control (AWS)
FHRP = First Hop Redundancy Protocol (for shared IP routing redundancy)
FIDO2 = Fast IDentity Online (Spec for web authorization using devices with PKI instead of passwords)
FIFO = First In - First Out
FIM = Federated Identity Management
FIM = File Integrity Monitoring (for Intrusion Detection)
FISMA = Federal Information Security Management Act (US government)
FM = Foundation Model (LLM for Generative AI)
FMCG = Fast-Moving Consumer Goods
FN = False Negative (test result that missed catching a bad/malicious sample)
FOMO = Fear Of Missing Out
FP = False Positive (test result that identified a legitimate sample as bad/malicious)
FQDN = Fully-Qualified Domain Name
FPS = Flexible Payments Service
FRAP = Facilitated Risk Analysis Process (analyze impact of each individual org unit)
FTE = Full Time Employee/Equivalent
FTK = Forensic ToolKit (drive imager tool from AccessData to preserve evidence)
FQDN = Fully Qualified Domain Name
FSM = Finite State Machine
FYE = Fiscal Year End
FYI = For Your Information
FUD = Fear Uncertainty and Doubt

G

GAPP = Generally Accepted Privacy Principles (developed by accountants)
GA = General Availability
GAI = Generative Artificial Intelligence
GAM = Global Account Manager (job role)
GANS = Generative Adversarial Networks (Generative AI)
GAR = Geoogle Artifact Registry (in GCP)
GB = Gigabytes (173741824 bytes or 1024 megabytes)
GCE = Google Compute Engine
GCP = Google Cloud Platform
GCM = Galois/Counter Mode (mode of operation for symmetric-key cryptographic block ciphers)
GDPR = General Data Protection Regulation (EU Regulation 2016/679)
GEOINT = Geospatial Intelligence (from analysis and visualization of security activities on a map)
GG = Good Game (gamer digital handshake to convey sportsmanship)
GGML = GPT-Generated Model Language (Early Tensor library designed for machine learning large models at high performance)
GGUF = GPT-Generated Unified Format (for sharing LLMs)
GHA = GitHub Actions (SVM cloud purchased by Microsoft)
GID = Group Identifier (used in Kubernetes)
GKE = Google Kubernetes Engine (manages container images within Google cloud)
GKS = Google Kubernetes Service (runs container images within Google-managed Kubernetes)
GLB = Global Load Balancing
GNM = Global Network Manager (HashiCorp product feature)
GNU = GNU is Not Unix (a recursive acronym for the set of commands in Linux Bash scripts)
GPG = GNU Privacy Guard (software program to handle encryption)
GPO = Group Policy Object
GPS = Global Positioning System
GPT = Generative Pre-trained Transformer (OpenAI GenAI)
GPT = GUID Partition Table (used with UEFI)
GRC = Governance and Risk and Compliance
gRPC = Global Remote Procedure Call (a protocol to connect services)
GRS = Geo-Redundant Storage (replication of 3 copies in an Availability Zone in each of two Azure regions)
GSI = Global Secondary Index (AWS DynamoDB)
GSI = Global System Integrator
GTM = Go To Market
GUI = Graphical User Interface
GUID = Globally Unique Identifier (a code generated to be unique across space and time for use as an object identifier)
GW = Gateway
GZRS = Geo-Zone-Redundant Storage (replication synchronously to 3 Availability Zones in a primary and 3 copies asynchronously in one Availability within a secondary Azure region accessed only after a failover)

H

H2M = Human to Machine (interface)
HA = High Availability
HADR = High Availability Disaster Recovery
HAML = HTML Abstraction Markup Language (a template used in Ruby Rails views to simplify writing HTML)
HANA = High-performance ANalytic Application (SAP’s in-memory column-oriented relational DBMS)
HBI = High Business Impact (flag for Azure to add encryption and limit diagnostics collection on sensitive data)
HC = HashiCorp
HCL = HashiCorp Configuration Language
HD = High Definition
HDFS = Hadoop Distributed File System
HEC = HTTP Event Collector (Splunk)
HCM = Human Capital Management (system for HR processes)
HCP = HashiCorp Cloud Provider
HCS = HashiCorp Consul Service (SaaS on Azure)
HIDS = Host-Based Intrusion Detection System
HIPAA = Health Insurance Portability and Accountability Act
HiPPO = Highest Paid Person‚Äôs Opinions
HLS = HTTP Live Streaming (Apple video streaming protocol)
HMI = Human-Machine Interface
HPA = Horizontal Pod Autoscaler (Kubernetes)
HPC = High-Performance Compute
HQL = Hibernate Query Language (object-oriented ORM SQL with inheritance polymorphism used by Java)
HR = Human Resources
HRMS = Human Resource Management System
HRU = High-Risk User(s)
HSM = Hardware Security Module
HSTS = HTTP Strict Transport Security (web security policy that protects HTTPS websites against MITM attacks)
HTAP = Hybrid Transaction and Analytics Processing (Microsoft Azure Synapse Link capability)
HTML = HyperText Markup Language
HTTPS = HyperText Transfer Protocol Secure (the protocol that uses port 443)
HUMINT = Human Intelligence (from human sources such as interviews or spying)
HVA = High-Value Asset
HVP = Hybrid Vault Platform (AKeyless Encryption as a Service)
HVM = Hardware Virtual Machine
HVN = HashiCorp Virtual Network
HXM = Human Management (SAP SuccessFactors HRMS suite)

I

i18n = Internationalization (numeronym - 18 letters between i and n)
IA = Interoperability Agreement (between enterprises)
IaaS = Infrastructure as a Service
IaC = Infrastructure as Code
IAB = Internet Architecture Board (maintains an ethics-related statement concerning the use of the Internet. A technical advisory group of researchers and technical professionals responsible for Internet growth and management strategy and standards oversight.)
IAM = Identity and Access Management
IAP = Identity-Aware Proxy (Google Cloud)
IASAE = Information Assurance Security Architecture and Engineering
IAST = Interactive Application Security Testing
IBN = Internet-based Networking (for SDN)
IC = Integrated Circuit
ICFR = Internal Control over Financial Reporting
ICMP = Internet Control Message Protocol (used by the Linux ping command)
ICS = Industrial Control System (aka Operational Technologies)
ICT = Information and Communication Technology
ICYMI = In Case You Missed It
ID = Identifier
IDaaS = Identity as a Service
IDE = Integrated Development Environment
IDOR = Insecure Direct Object Reference
IdP = Identity Provider (such as Okta)
IDP = Internal Developer Platform
IDS = Intrusion Detection System (A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS)
IDS = Influencer Dynamics Simulator (predicts how followers react to influencers)
IEM = Infrastructure Event Management (AWS service to ensure high traffic can be accommodated)
IETF = Internet Engineering Task Force
IYDMMA = If you don’t mind me asking (chat slang)
IFS = Internal Field Separator (to define character used to split strings in Bash shell scripts)
IGA = Identity Governance and Administration
IGW = Internet Gateway
IIoT = Industrial Internet of Things
IKE = Internet Key Exchange
ILB = Internal Load Balancer (Microsoft)
ILT = Instructor-Led Training
IM = Internet Messaging
IMINT = Imagery (Photography) Intelligence (from satellite or drone photos)
IMHO = In My Humble Opinion
IMO = In My Opinion
IOA = Indicator of Attack
IOC = Indicator of Compromise
IOPS = Input Output Per Second (AWS)
iOS = (Mobile operating system for Apple iPhone)
IOT = Internet of Things
IP = Internet Protocol
IPAM = IP Address Manager (AWS feature that manages CIDR ranges)
IPC = Inter-Process Communication
IPE = Information Produced by the Entity
IPS = Intrusion Protection System (detect or prevent brute force & other attacks on security)
IPsec = Internet Protocol security
IPO = Initial Public Offering
IR = Integration Runtime (compute infrastructure used by Microsoft’s Azure Data Factory)
IR = Incident Response (Security)
IRDP = ICMP Router Discovery Protocol
IRL = In Real Life (internet slang)
IRM = Information Rights Management
IRM = Insider Risk management (Microsoft 365 compliance solution)
IRT = Incident Response Team
ISAC = Information Analysis Sharing Centres (for threat intelligence)
ISCP = Information System Contingency Plan
ISBN = Intelligent Spend and Business Network (SAP offering)
ISD = Internet Service Provider PDW* ISMS = Information Security Management System (ISO 27001)
ISO = International Standards Organization
ISSO = Information System Security Officer (in RMF)
ISP = Internet Service Provider (company providing access to the internet)
ISV = Independent Software Vendor
IT = Information Technologies
ITAR = International Traffic in Arms Regulations (US)
ITIL = Information Technology Infrastructure Library
ITSM = IT Service Management (implemented of Service Now)
ITU = International Telecommunication Union (defined X.509 certificate format)

J

J2EE = Java Enterprise Edition
JIT = Just-In-Time (access for Zero Trust)
JEA = Just-Enough-Access (for Zero Trust)
JOSE = Javascript Object Signing and Encryption (standard)
JSON = JavaScript Notation (data format)
JWT = JSON Web Token (Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims)

K

k8s = Kubernetes (numeronym of 8 letters between k and s)
kanban = Japanese word for visual signal (adopted for managing software workflow)
KCL = Kinesis Client Library (AWS)
KDC = Key Distribution Center
KEDA = Kubernetes-based Event Driven Autoscaler
KEK = Key Encryption Key (key to encrypt the DEK)
KMIP = Key Management Interoperability Protocol
KMS = Key Management Service (AWS)
KNOB = Key Negotiation of Bluetooth (MITM attack on paired Bluetooth devices’ security mechanisms)
KPI = Key Performance Indicator
KPL = Kinesis Python Library (AWS)
KPU = Kinesis Processing Units (AWS streaming memory and compute)
KQL = Kusto Query Language (to access Microsoft Azure Data Explorer)
KTS = Kubernetes Threat Detection (Google service)
KRI = Key Recovery Information
KSAs = Knowledge, Skills, and Abilities (Work Roles)
KV = Key-Value (data storage format)
KYC = Know Your Customer

L

l18n = Localization (numeronym of 18 letters between l and n)
LAM = Large Action Models (multihop & multimodal data type for agentic/action on LLMs)
LAMP = Linux OS + Apache web server + MySQL DB + PHP/Perl/Python (open-source web development technology stack)
LAN = Local Area Network
LDAP = Lightweight Directory Access Protocol (used by Linux to manage user and group access)
LF-TBAC = Lake Formation tag-based access control (AWS)
LGPD = Lei Geral de Proteção de Dados Pessoais (privacy/data protection law in Brazil)
LGTM = Looks Good To Me
LGTM = Loki + Grafana + Tempo + Mimir (Grafana’s integrated stack for logs, metrics, and traces to be collected and visualized)
LI = Lead Implementer
LIFO = Last In - Last Out
LLC = Limited Liability Company
LLM = Large Language Model (such as GPT-x for Generative AI)
LLMNR = Link-Local Multicast Name Resolution (Microsoft protocol for name resolution)
LMS = Learning Management System
LOL = Laughing Out Loud (internet slang)
LoRA = Low-Rank Adaptation (reducing the number of trainable parameters and enabling efficient adaptations by decomposing weight matrices into low-rank matrices)
LotL = Living off the Land (type of attack)
LPU = Language Processing Unit (AI Agent OS component)
LRS = Locally-Redundant Storage (within same Azure Availability Zone)
LSI = Local Secondary Index (AWS DynamoDB)
LTM = Last Twelve Months
LUKS = Linux Unified Key Setup (root + boot + swap partition encryption)
LUN = Logical Unit Number (within a physical storage device volume manager)
LVM = Large Vision Model (such as Stable Difussion for Generative AI)
LWE = Learning with errors (cryptographic algorithm)

M

m8g = Monitoring (numeronym - 8 letters between m and g)
M&A = Mergers and Acquisitions (business)
MAC = Media Access Control (address of NIC card)
MAC = Message Authentication Code (a tag appended to a message to verify its authenticity)
MAP = Minimum Acceptable Product
MASINT = Measurement and Signatures Intelligence (of weapons capabilities and industrial activities)
MBR = Master Boot Record
MCSB = Microsoft Cybersecurity Security Benchmark (best-practice framework using Microsoft Defender for Cloud. Successor of Azure Security Benchmark v3)
MCR = Microsoft Container Registry
MCRA = Microsoft Cybersecurity Reference Architectures
MDFC = Microsoft Defender for Cloud
MDT = Microsoft Deployment Toolkit (to install Windows 11 from file shares)
MDTI = Microsoft Defender Threat Intelligence
MDM = Master Data Management (for a single source of truth about critical corporate data)
MDM = Mobile Device Management (for security)
MDW = Modern Data Warehouse (Microsoft)
MDR = Managed Detection and Response (for security)
MDX = Multidimensional Expressions (multi-axis formula language for Microsoft SSAS to retrieve OLAP cubes)
MEF = Mission Essential Functions
MELT = Metrics + Errors + Traces + Logs (for Observability)
MFA = Multi-Factor Authentication (security)
MGT = Microsoft Graph Toolkit (to read the Outlook calendars and log of actions by each Microsoft user)
MIG = Managed Instance Group (for autoscaling within Google Cloud)
MIP = Microsoft Information Protection (sensitivity labels)
MIT = Most Important Task
MitC = Man-in-the-Cloud (performed by abusing cloud file synchronization services such as Google Drive or DropBox for Data compromise, command and control (C&C), data exfiltration, and remote access)
MitB = Man-in-the-Browser (attack vector such as Port stealing that exploits the binding between a port and a media access control (MAC) address)
MitM = Man-in-the-Middle (an attack in the form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks)
MISP = Malware Information Sharing Platform (open-source threat intelligence platform)
ML = Machine Learning
MLDR = Machine Learning Detection and Response
MLM = Masked Language Model (such as BERT for Natural Language Processing)
MLLP = Minimal Lower Layer Protocol (the leading and trailing delimiter HL7v2 healthcare data is transmitted using TCP/IP within VPNs)
MNC = Multi-National Corporation
MOD = Manager on Duty (incident manager - security and hospitality industry)
MPP = Massively Parallel Processing (on databases)
MS = Microsoft
MSA = Master Service Agreement
MSK = Managed Streaming for Kafka (AWS)
MSI = Managed Service Identity
MTD = Month-To-Date
mTLS = Mutual TLS
MOR = Minimum Operating Requirements (describes the minimum environmental and connectivity requirements in order to operate computer equipment)
MSI = Microsoft Software Installer (file extension for Microsoft Windows installer files)
MTD = Maximum Tolerable Downtime
MQTT = MQ Telemetry Transport
MSAL = Microsoft Authentication Libraries
MSK = Managed Streaming for Kafka (AWS using Apache)
MSP = Managed Service Provider
MSSP = Managed Security Service Provider (A provider of outsourced SOC services)
MTA = Mail Transfer Agent
MTBF = Mean Time Between Failures
MTTA = Mean Time To Acknowledge
MTTD = Mean Time To Detect (anomaly)
MTTI = Mean Total Time of Impact (to operations)
MTTR = Mean Time To Restore/Remediate
MTU = Maximum Transmission Unit (networking)
MVP = Minimum Viable Product
MVP = Most Valuable Professional (Microsoft)
MY = Multi-Year
MYOB = Mind Your Own Business (internet slang)

N

NA = Not Applicable
NA = North America (United States)
NAC = Network Access Control
NAC = Network Admission Control/Controller (Cisco)
NAD = Network Access Devices
NAS = Network Attach Storage (device)
NAT = Network Address Translation (allows devices on a private network to communicate with a public network through a networking gateway)
NB = No Problem
NDA = Non-Disclosure Agreement
NDAA = National Defense Authorization Act of 2020 and 2021
NDE = Net Dollar Expansion
NDRR = Net Dollar Retention Rate
NFR = Non-Functional Requirements
NFS = Network File System
NFV = Network Function Virtualization
NGC = NVIDIA GPU Cloud
NGFW = Next-Generation firewall (Originally from Palo Alto - it examines application data to filter traffic at the highest application layer of networks)
NIA = Network Interface (HashiCorp product feature)
NIACAP = National Information Assurance Certification and Accreditation Process
NIAP = National Information Assurance Partnership (Common Criteria)
NIC = Network Interface Card
NISQ = Noisy Intermediate-Scale Quantum (device)
NIST = National Institute of Standards and Technology (US)
NLB = Network Load Balancer (Amazon)
NLU = Natural Language Understanding (Alexa & Generative AI)
NOC = Network Operations Center
NoSQL = (Nonrelational database system such as key-value pair document storage in DynamoDB)
NPD = Non-Production (vs PRD for production in keeping with a consistent number of letters)
NPS = Net Promoter Score (rating by customers willing to promote to others)
NPU = Neuro Processing Unit (powers Microft’s AI laptops)
NSA = National Security Agency (conducts SIGINT)
NSFW = Not Safe For Work (chat slang)
NSG = Network Security Group (Azure)
NSP = Next Sentence Prediction (GenAI for BERT Natural Language Processing)
NTA = Network Traffic Anomaly
NTM = Next Twelve Months
NTP = Network Time Protocol
NVIDIA = (the corporation which produces GPUs for AI and graphics)

O

o11y = Observability (numeronym - 11 letters between o and y)
O3DE = Open 3D Engine (open-source 3D game development engine from Amazon. Successor to Amazon Lumberyard)
OAC = Origin Access Control (for AWS CloudFront)
OAI = OpenAI (Microsoft’s partner in AI ChatGPT)
OAI = Origin Access Identity (virtual identity used to require users to access content via AWS CloudFront URl instead of S3 URL)
OASIS = Organization for the Advancement of Structured Information Standards (defined CSAF and CVRF)
OCI = Container Open Initiative (to replace Docker Compose and Docker containers)
OCSP = Online Certificate Status Protocol
OCM = Organizational Change Management
ODNI = Office of the Director of National Intelligence
OECD = Organization for Economic Cooperation and Development (published trans-border privacy guidelines in 1980)
OEL = Oracle Enterprise Linux
OEM = Original Equipment Manufacturer
OEP = Occupant Emergency Plan
OFDM = Orthogonal Frequency-Division Multiplexing (method of digital modulation of data in which a signal, at a chosen frequency, is split into multiple carrier frequencies at right angles to each other)
OG = Original Gangster (slang to praise someone as exceptional, authentic, or old-school)
OIDC = OpenID Connect
OKR = Objectives and Key Results
OODA = Objective and Key Results
OLA = Observe - Orient - Decide - Act (acrostic for the rapid decision-making strategy used by US fighter pilots during aerial combat)
OLAP = OnLine Analytical Processing (A business intelligence approach that allows users to analyze large amounts of data from different points of view)
OLTP = OnLine Transaction Processing
OMS = Operations Management Suite (Microsoft product for datacenter administration)
OOM = Out of Memory
OOP = Object Oriented Programming
OPA = Open Policy Agent (Policy as Code agent from Styra used in Kubernetes Admission Controller and Terraform)
OPEX = Operating Expenditures (impacts Profit and Loss statement for current periods)
ORC = Optimized Row Columnar (data format used within Apache Hadoop databases)
ORM = Object-Relational Mapping (to simplify interaction between OOP CRUD apps and SQL databases)
OS = Operating System
OSCAL = Open Security Controls Assessment Language (NIST-defined format for communicating CVEs)
OSCP = Online Certificate Status Protocol (used to obtain the revocation status of X.509 digital certificates)
OSI = Open Systems Interconnection
OSINT = Open Source Intelligence
OSS = Open Source Software
OT = Operational Technology
OTCSA = Operational Technology Cyber Security Alliance
OTOH = On the Other Hand (chat slang)
OTP = One-Time Password (for security)
OTR = Off The Record (privacy)
OVAL = Open Vulnerability and Assessment Language
OU = Organizational Unit
OWASP = Open Web Application Security Project

P

P2P = Person to Person
PaC = Policy as Code
PaaS = Platform as a Service
PAM = Privileged Access Management
PAN = Primary Account Number (PCI DSS)
PAP = Permissible Actions Protocol (defines actions to avoid attackers detecting investigation - RED for non-detectable actions, AMBER for passive, GREEN for active, WHITE for no restrictions)
PASTA = Process for Attack Simulation and Threat Analysis
PAT = Port Address Translation (networking)
PAW = Privileged Access Workstation (Microsoft)
PAYG = Pay-As-You-Go (such as for cloud services billing)
PNAC = Port-Based Network Attack
PBC = Provided By Client (SOC term)
PC = Personal Computer (refers to a Microsoft Windows machine)
PCI = Peripheral Components Interconnect
PCI DSS = Payment Card Industry Data Security Standard (private regulation by credit card processors to prevent identity theft)
PDD = Project Delivery Document (containing IS project scope prerequisites scheduling info etc.)
PDF = Portable Document Format (the format created by Adobe to create a universally accessible file containing graphics and text)
PDW = Parallel Data Warehouse (Microsoft SQL 2012 Analytics Platform System that became Azure SQL Data Warehouse)
PE = Pre-installed Environment (a bootable image of Microsoft Windows used to automate install)
PEFT = Parameter-Efficient Fine-Tuning (techniques for updating a small subset of an ML model’s parameters)
PEM = Privacy Enhanced Mail (AWS private key certificate encoding file type)
PEP = Policy Enforcement Point (filters requests and makes eXtensible Access Control Markup Language (XACML) to a Policy Decision Point (PDP)
PETM = Parameter-Efficient Tuning Methods (in Generative AI)
PF = Privacy Framework
PFS = Perfect Forward Secrecy
PHD = Personal Health Dashboard
PHI = Protected Health Information
PHP = (recursive acronym for PHP: Hypertext Preprocessor. A web scripting language used in WordPress)
PHS = Password Hash Synchronization (Microsoft Azure AD Connect)
PIA = Privacy Impact Assessment
PID = Process Identifier
PII = Personally Identifiable Information
PIM = Privileged Identity Management
PIN = Personal Identification Number (a secret consisting of a small number)
PIOPS = Provisioned Input Output Operations Per Second
PIV = Personal Identity Verification
PKE = Public Key Encryption
PKI = Public Key Infrastructure (manages cryptographic certificates)
PM = Product Management/Manager
PLC = Programmable Logic Controller
P&L = Profit and Loss
PMM = Product Marketing Manager (organizational role)
PMO = Program Management Office
POA&M = Plan of Action and Milestones
PoC = Proof of Concept
POLP = Principle of Least Privilege
POM = Production Operations Management
POR = Process of Record
PPG = Point-to-Point Tunneling Protocol (networking)
PPG = Proximity Placement Group (Azure VMs)
PPK = Putty Private Key (AWS private key certificate encoding file type for Windows PuTTY SSH client)
HNDL = Harvest Now, Decrypt Later (store encrypted data for decrypting later using post-quantum computers)
PPTP = Point-to-Point Tunneling Protocol
PQC = Post-Quantum Cryptography (encryption resistant to fast quantum computers)
PR = Pull Request (GitHub feature for suggesting code changes and integrating them into the main code base)
PRD = Production (vs NPD for non-production in keeping with a consistent number of letters)
PS = Professional Services
PSE = Professional Services Engineer
PSIRT = Product Security Incident Response Team (protects customers of products)
PSK = Pre-Shared Key
PTA = Pass-Through Authentication (agents in Microsoft Azure AD Connect)
PTAL = Please Take A Look
PTES = Penetration Testing Execution Standard
PUA = Potentially Unwanted Application
PV = Persistent Volume (Kubernetes)
PV = Paravirtual Virtualization (type of Linux AMI boot loader)
PVC = Persistent Volume Claim (Kubernetes)
PWA = Progressive Web Application (application intended to work on any platform with a standards-compliant browser, including desktop and mobile devices)
PWC = Price Waterhouse Coopers (International Global Integrator Consulting firm)

Q

QA = Quality Assurance
QBR = Quarterly Business Review
QEC = Quantum Error Correction (IT)
QIR = Quantum Intermediate Representation (Microsoft)
QKD = Quantum Key Distribution (secures communication using a cryptographic protocol involving quantum computing with lasers)
QLDB = Quantum Ledger Database (AWS)
QML = Quantum Ledger Database (Microsoft)
QoQ = Quarter on Quarter
QoS = Quality of Service
QPU = Query Processing Unit (to bill CPU capacity in Microsoft Azure Analytics Services)
QPU = Quantum Processing Unit (Quantum IT)

R

RACI = Responsible + Accountable + Consulted + Informed (Responsibility Assignment Matrix)
RAD = Rapid Application Development (methodology)
RAG = Retrieval Augmented Generation (extension such as PostgreSQL pgvector to add proprietary knowledge to foundation models without retraining)
RAID = Redundant Array of Independent Disks
RAM = Random Access Memory
RAM = Resource Access Manager (AWS)
RAN = Radio Access Network
RASP = Runtime Application Self-Protection
RAT = Remote Access Trojan (malware)
RBAC = Role-Based Access Control
RBG = Random Bit Generator
RBVM = Risk-Based Vulnerability Management
RCA = Root Cause Analysis
RCS = Rich Communication Services (messaging, voice, video)
RCE = Root Code Execution
RDD = Resilient Distributed Dataset (native data structure underlying Apache Spark Dataframes used by Pandas)
RDF = Resource Description Language (W3C standard for graph databases)
RDL = Report Definition Language (XML representation of a paginated report definition from Microsoft SQL Server Reporting Services)
RDP = Remote Desktop Protocol (Microsoft technology for users to access a Windows computer remotely)
RDS = Relational Database Service (AWS cloud SQL service to host databases)
REST = Representational State Transfer
RFI = Request for Information
RFP = Request for Proposal
RFQ = Request for Quote
RGB = Red Green Blue (colors)
RGDD = Reliable Group Data Delivery (SDN)
RRA = Rapid Risk Assessment (NIST )
RIP = Rest In Peace
RISC = Reduced Instruction Set Computing
RLAIF = Reinforcement Learning with AI/LLM Feedback (Anthropic’s Constitutional AI)
RLHF = Reinforcement Learning with Human Feedback (to fine-tune ML rates after initial training)
RLS = Row-Level Security (in SQL database tables)
RMF = Risk Management Framework (from Mozilla)
RNG = Random Number Generator
RNN = Recurrent Neural Network (in Deep Learning)
ROA = Return on Assets
ROC = Report on Compliance (issued by DCS PSI auditors)
ROE = Return on Equity
ROI = Return on Investment
ROM = Read-only Memory
ROS = Return on Sales
ROSA = Red Hat OpenShift Service on AWS (containers)
RoT = Root of Trust
RPA = Robotic Process Automation
RPC = Remote Procedure Call
RPO = Recovery Point Objective
RPS = Requests Per Second
RRA = Rapid Risk Assessment
RRS = Reduced Redundancy Storage (AWS)
RSA = Resident System Engineer (role within HashiCorp)
RSA = Rivest + Shamir + Adleman (an encryption algorithm and company name based on the initials of its inventors)
RSS = Real Simple Syndication (web feed format)
RTC = Real Time Clock
RTFM = Read The Fine Manual (slang)
RTO = Recovery Time Objective
RTOS = Real-Time Operating System
RTSP = Real-Time Streaming Protocol (AWS Kinesis)
RUM = Resources Under Management (HashiCorp Terraform at scale)
RUP = Rational Unified Process (phased software development methodology from 2003 using object UML)
RaMP = Rapid Modernization Plan (Microsoft Zero Trust)

S

S3 = Simple Storage Service (AWS file object service)
SaaS = Software as a Service
SAIF = Secure AI Framework (Google)
SAM = Serverless Application Model (Amazon CLI)
SAML = Security Assertion Markup Language (XML-based standard for authentication and authorization)
SAN = Storage Area Network
SAP = Systems Applications and Product (large German ERP software company)
SAP = System Assessment Plan
SAQ = Self-Assessment Questionaire (of DSS PCI)
SAR = Security Assessment Report
SARIF = Static Analysis Results Interchange Format (standard by OASIS for sharing static vulnerability analysis results)
SARs = System Assessment Results
SAS = Shared Access Signature (secure token URI to Azure accounts and storage resources)
SASE = Secure Access Service Edge (Microsoft & Trust Broker SaaS by Palo Alto Prisma zScaler Cato Cloudfare)
SAST = Static Application Security Testing
SBI = Service-Based Interface
SBOM = Software Bill of Materials
SCA = Software Composition Analysis (identify vulnerable components in containers)
SCADA = Supervisory Control And Data Acquisition
SCAP = Security Content Automation Protocol
SCC = Security Command Center (Google’s SOC service)
SCEP = Simple Certificate Enrollment Protocol
SCF = Secure Controls Framework (SEC)
SCIM = System for Cross-Domain Identity Management (IT security)
SCM = Source Control Manager (such as GitHub)
SCP = Service Control Policy (in AWS to govern the use of other IAM policies)
SCSS = Sidecar Container Security Stack
SCT = Schema Conversion Tool (AWS)
SDE = Standardized Development Environment
SDK = Software Development Kit
SDN = Software-Defined Networking (used by AWS - an advancement to BGP used on public networks)
SDLC = System Development Life Cycle
SDMN = Software-defined Mobile Network (for SDN)
SDP = Software Defined Perimeter
SEB = Secure Enterprise Browsers
SEC = Security and Exchange Commission (regulates US financial markets)
SES = Simple Email Service (AWS)
SF = Service Fabric (Azure)
SG = Security Group
SGD = Stochastic Gradient Descent (AI technique to iteratively optimize)
SHA = Secure Hash Algorithm (a method to identify whether a file has been altered - also used by GitHub to create an index)
SHD = Service Health Dashboard (AWS)
SI = Systems Integrator
SIA = Storage Infrequent Access (AWS)
SIEM = Security Information and Event Management
SIG = Special Interest Group
SIGINT = Signals Intelligence (from electronic transmissions)
SIRP = Security Incident Response Plan (for SOC2)
SIRT = Security Incident Response Team (work in a SOC department)
SIS = Safety Instrumented System (automated control system that safeguards manufacturing environment in case of any hazardous incident in the industry)
SKSKSKSK = (internet slang expressing excitement)
SLA = Service Level Agreement
SLE = Single Loss Expectancy
SLI = Service Level Indicator
SLO = Service Level Objective
SLR = Service Linked Role (in IAM for Amazon Lightsail)
SLSA = Supply chain Levels for Software Artifacts (framework of standards and controls for a secure supply chain to build secure resilient software)
SMB = Server Message Block (storage)
SMB = Small or Mid-sized Business
SME = Subject Matter Expert
SMF = Session Management Function
SMI = Service Mesh Interface
SNMP = Simple Network Management Protocol
SMaaS = Service Mesh as a Service
SMTP = Simple Mail Transfer Protocol
SNI = Server Name Indication (SSL)
SNS = Simple Notification Service (to send and receive notifications in AWS)
SOA = Service Oriented Architecture
SOAP = Simple Object Access Protocol (uses XML)
SOAR = Security Orchestration Automation and Response
SOW = Statement of Work
SOC = Security Operations Center
SOC2 = Systems and Organization Controls (AICPA ISO 27701)
SOP = Standard Operating Procedure
SORN = System of Record Notice
SOX = Sarbanes-Oxley Act
SOX = Sarbanes-Oxley Act
SPA = Single Page Application
SPF = Sender Policy Framework (lists IP address of servers allowed to send email for a domain - for email authentication)
SPI = Service Provider Interface
SPI = Secure Personal Information
SPICE = Super-fast, Parallel, In-memory Calculation Engine (used in AWS QuickSight)
SPIFFE = Secure Production Identity Framework for Everyone (spec used by Consul Connect service mesh for establishing service identities)
SPOC = Single Point of Contact
SPOF = Single Point of Failure
SPLK = Splunk’s stock ticker symbol
SPN = Service Principal Name (Unique identifier for a service instance within Kerberos)
SPSCR = Security, Privacy, and Supply Chain Risks (in RMF)
SPAN Port = Port configured to receive a copy of every packet that passes through a switch.
SQL = Structured Query Language
SQS = Simple Queue Service (AWS hosted queues of messages)
SRA = Security Reference Architecture
SRE = Site Reliability Engineer (job role)
SRUM = System Resource Utilization Monitor (on Windows machines)
SSAE = Statement on Standards for Attestation Engagements
SSAS = SQL Server Analysis Services (from Microsoft)
SSD = Solid-State Drive (data storage)
SSDT = SQL Server Data Tools (Microsoft SQL Server)
SSE = Security Service Edge (Microsoft conditional access mechanisms for Zero Trust)
SSE = Server-Side Encryption
SSDLC = Secure Software Development Lifecycle
SSH = Secure Shell (a Linux feature to enable remote access of computers)
SSI = Sensitive Security Information
SSIS = SQL Server Integration Services (Microsoft)
SSL = Secure Sockets Layer (deprecated by TLS networking protocol)
SSML = Speech Synthesis Markup Language
SSMS = SQL Server Management Studio (Microsoft app)
SSN = Social Security Number (issued by the US government to unique identify an individual for taxes)
SSO = Single Sign On (IAM MFA)
SSoT = Single Source of Truth
SSP = System Security Plan
SSPR = Self-Service Password Reset (Security)
SSRF = Server Side Request Forgery
SSRM = Shared Security Responsibility Model
SSRS = SQL Server Reporting Services (Microsoft)
STA = State of The Art (most modern)
STAR = Security Test Audit Report
STIG = ecurity Technical Implementation Guide (from US DoD)
STIX = Structured Threat Information eXpression (XML API to share threat models by OASIS)
STRIDE = Spoofing of user identity; Tampering; Repudiation; Information disclosure (privacy breach or data leak); Denial of service (DoS); Elevation of privilege
STS = Security Token Service (AWS)
STS = StatefulSets (Kubernetes)
SUT = System Under Test
SVID = SPIFFE Verifiable Identity Document (cryptographic file used by a workload to prove its identity to a resource or caller)
SWF = Simple Workflow (service from AWS for developers to run tasks in parallel or sequentially)
SWG = Secure Web Gateway

T

TAM = Technical Account Manager
TAM = Total Addressable Market (marketing)
TaS = Test as Service
TAXII = Trusted Automated eXchange of Intelligence Information (how to share)
TB = TerraByte
TBD = To Be Decided (common vernacular)
TBH = To Be Honest
TCC = Trusted Cloud Computing (Microsoft)
TCC = Transparency, Consent, and Control (for user data protection within Apple OS)
TCO = Total Cost of Ownership
TDE = Transparent Data Encryption (HashiCorp Vault feature to substitute encrypted values in databases instead of HSMs)
TDIR = Threat Detection and Incident Response (security workflow)
TDP = Thermal Design Power (avg. max. power a processor dissipates heat while running)
TDM = Technical Decision Maker (vs. Business Decision Maker)
TFC = Terraform Cloud (SaaS Terraform offering)
TFE = Terraform Enterprise (self-installed/managed Terraform)
TIA = Thanks In Advance (chat slang)
TIC = Trusted Internet Connection
TIN = Tax Identification Number
TIP = Threat Intelligence Platform
TCSEC = Trusted Computer System Evaluation Criteria
TCO = Total Cost of Ownership
TDD = Test-Driven Development
TDM = Technical Decision Maker
TDS = Tabular Data Stream (network protocol for communication between Microsoft SQL Server and its clients)
TFE = Terraform Enterprise
TLP = Traffic Light Protocol (defines levels of information sharing with contractors - CLEAR, GREEN, AMBER, RED)
TTFN = Ta Ta For Now (chat)
TGW = Transit GateWay (in AWS cloud)
TH = Threat Hunting
TIP = Threat Intelligence Platform
TLD = Top Level Domain (the letters after the last dot on URLs processed by DNS)
TLS = Transport Layer Security
TMI = Too Much Information (common vernacular)
TOE = Target of Evaluation (what is being evaluated by the Common Criteria EAL)
TOFU = Trust On First Use
TOML = Tom’s Obvious Minimal Language (config text file format)
TOTP = Time-based One Time Password
TPISRM = Third Party Information Security Risk Management
TPM = Trusted Platform Module
TPRM = Third Party Risk Management
TSC = Trust Service Criteria
TSI = Trustworthy Software Initiative (UK)
TTE = Trusted Execution Environments (Microsoft Azure)
TTL = Time To Live
TTP = Trusted Third Party
TTP = Tactics + Techniques + Procedures (of security attack)
TTS = Text To Speech
TTV = Time to Value (marketing term)
TTX = TableTop eXercise (for security resilience)
TVM = Threat and Vulnerability Management (Microsoft)

U

U = yoU (chat slang)
UAC = User Account Control (on Windows)
UAT = User Acceptance Test
UCS = User
UDF = User-Defined Function
UDM = Unified Data Management
UDR = User-Defined Routes (used by Azure)
UDS = Unified Diagnostic Services (use in vehicles)
UEBA = User and Entity Behavior Analytics (detect any anomalous behavior - deviations from normal patterns of usage which have security implications)
UEFI = Unified Extensible Firmware Interface (spec. replaces BIOS to boot-up disks larger than 2TB)
UEM = Unified Endpoint Management/Manager (Microsoft Intune and Config. Manager)
UDP = User Datagram Protocol (networking)
UML = Unified Modeling Language
UPF = User Plane Function
UPN = User Principal Name (Microsoft)
URI = Universal Resource Identifier
URL = Universal Resource Locator
URM = Under-Represented Minority
USB = Universal Service Bus
UTC = Coordinated Universal Time (the new compromise term for GMT)
UTF = Unicode Transformation Format
UUID = Universally Unique Identifier (to identify information objects)
UVM = Unified Vulnerability Management (Armorcode: aggregate, correlate and prioritize findings from security tools)
UX = User eXperience

V

v12n = Virtualization (numeronym of 11 letters between v and n)
VAR = Value-Added Reseller
VAT = Value-Added Tax
VBO = Value-Based Outcome
VCS = Version Control System
VDI = Virtual Desktop Infrastructure (from Citrix)
VDP = Vulnerability Disclosure Program
VGW = Virtual Gateway (Amazon AWS)
VHD = Virtual Hard Drive (holds Page Blobs in Azure Storage of up to 8TB in size)
VIF = Virtual InterFace (networking)
VIM = Virtualized Infrastructure Manager (AWS)
VIP = Virtual IP (address)
VLAN = Virtual Local Area Network
VM = Virtual Machine
VMSS = Virtual Machine Scale Set (Azure)
VMM = Virtual Machine Manager (aka Hypervisor)
VNC = Virtual Network Computing
VNF = Virtual Network Function
VoIP = Voice over Internet Protocol
VRRP = Virtual Router Redundancy Protocol
VRM = Vendor Risk Management
VPA = Vertical Pod Autoscaler (Kubernetes)
VPC = Virtual Private Cloud (AWS)
VPG = Virtual Private Gateway (AWS)
VPS = Virtual Private Server (AWS)
VPN = Virtual Private Network
VSM = Value Stream Mapping
VSTS = Visual Studio Team Services (Microsoft)
VTL = Virtual Tape Library
VUI = Voice User Interface (Amazon Alexa & Google Home)
vTPM = Virtual Trusted Platform Module
VUCA = Volatile + Uncertain + Complex + Ambiguous

W

w/o = without (common vernacular)
W3C = World Wide Web Consortium (defines standards for JavaScript, HTML, XML, RDF, OWL, etc.)å
WAAP = Web application and API protection (a comprehensive security approach as an enhancement over web application firewalls)
WABD = Well Architected By Design
WAF = Web Application Firewall (AWS)
WAF = Well-Architected Framework
WAL = Write-Ahead Log
WAN = Wide Area Network
Wasm = WebAssembly (binary instruction coding for a stack-based virtual machine in browsers)
WBS = Work Breakdown Structure
WDYM = What Do You Mean? (chat slang)
WEP = Wired Equivalent Privacy (mobile security)
WFH = Work From Home
WIP = Work In Process
WMI = Windows Management Instrumentation (Microsoft)
WOT = Web of Trust (security)
WPA = Wi-Fi Protected Access
WPF = Windows Presentation Foundation (Microsoft)
WS = Workspace
WSDL = Web Services Description Language
WSFC = Windows Server Failover Clustering/Cluster (Microsft)
WTF = What The F*ck (internet slang)
WVD = Windows Virtual Desktop (Microsoft VDI)

X

X.509 = (certificate format used for HTTPS on web servers digitally sign application code secure email and authenticate devices to corporate networks)
XaaS = Anything as a Service
XKX = External Key Store (Amazon service to store secrets outside of AWS)
XDR = Extended Detection and Response (formerly Microsoft Security Center)
XML = Extensible Markup Language
XMPP = Extensible Message and Presence Protocol
XOR = Exclusive-Or (Assembly language instruction and symmetric encryption algorithm)

Y

YAML = YAML Ain’t Markup Language (Human-readable data-serialization text format)
YMMV = Your Mileage May Vary (chat slang)
YOLO = You Only Live Once (slang)
YTD = Year-To-Date

Z

ZRS = Zone-Redundant Storage (across 3 Azure Availability Zones)
ZT = Zero Trust
ZTA = Zero Trust Architecture
ZTDA = Zero Trust Data Access
ZTNA = Zero Trust Network Access/Architecture
ZTS = Zero Trust Security

Other Glossaries provide definitions:

https://www.acronymfinder.com/
https://github.com/mikepound/tls-exercises/blob/master/glossary.pdf
https://docs.aws.amazon.com/glossary/latest/reference/glos-chap.html

More about Security

This is one of a series about cyber security:

Wilson Mar

Acronyms

#

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

Other Glossaries provide definitions:

More about Security

You might also enjoy (View all posts)