Glossary of Abbreviations

Terms & Acronyms Explained

The world of cybersecurity and audit is full of confusing terms and acronyms, often with little explanation. This chart is intended to help serve as a glossary for the terms and acronyms you will find on this site!

 ASV  Approved Scanning Vendors
 AT 101  Attestation Standards section 101
 Audit  An examination of the management controls within an Information Technology infrastructure
 AWS  Amazon Web Services
 BCP  Business Continuity Planning
 BIA  Business Impact Analysis
 CEH  Certified Ethical Hacker
 CGEIT  Certified in the Governance of Enterprise IT
 CISA  Certified Information Systems Auditor
 CISSP  Certified Information Systems Security Professional
 CoBiT®  Control Objectives for Information and Related Technologies
 CRISC  Certified in Risk and Information Systems Control
 CUI  Controlled Unclassified Information
 DFARS  Defense Federal Acquisition Regulation Supplement
 DoD  United States Department of Defense
 DSS  Data Security Standard
 EHR  Electronic Health Record
 ePHI  Electronic Protected Health Information
 FDIC  Federal Deposit Insurance Corporation
 FFIEC  Federal Financial Institutions Examination Council
 FISMA  Federal Information Security Management Act, a US federal law enacted in 2002 requiring federal agencies to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget
 GDPR  General Data Protection Regulation, an EU law enacted in 2018 to give individuals control over their personal data and to simplify the regulatory environment for international business
 GIAC  Global Information Assurance Certification
 GLBA  Gramm-Leach-Bliley Act, a US federal law enacted in 1999 requiring financial institutions to explain how they share and protect their customers’ private data
 HIPAA  Health Insurance Portability and Accountability Act, a US act enacted in 1996 to modernize the flow of healthcare information, and to define how client information maintained by the healthcare and insurance industries should be protected from fraud and theft
 HITECH  Health Information Technology for Economic and Clinical Health Act, a US act enacted in 2009 to promote and expand the adoption of health information technology
 IEC  International Electrotechnical Commission
 ISO  International Organization for Standardization or Information Security Officer
 IT  Information Technology
 KBP  Key Business Processes
 MACRA  Medicare Access and CHIP Reauthorization Act, a US statute enacted in 2015 changing the payment system for doctors who treat Medicare patients
 MIPS  Merit-Based Incentive Payment System
 NIST  National Institute of Standards and Technology
 OSSTMM  Open Source Security Testing Methodology Manual
 PCI  Payment Card Industry
 Pen Test  Short for "Penetration Testing"
 PHI  Protected Health Information
 QSA  Qualified Security Assessor
 ROC  Report on Compliance
 RPO  Recovery Point Objectives
 RTO  Recovery Time Objectives
 SaaS  Software as a Service
 SAS  Statement on Auditing Standards
 SOC  Service Organization Controls
 SEC  Securities and Exchange Commission
 SOX  Sarbanes–Oxley Act, a US federal law enacted in 2002 bringing major changes to the regulation of financial practice and corporate governance
 SSAE  Statement on Standards for Attestation Engagements
 TSC  Trust Services Criteria
 TSP  Trust Services Principles
 VM  Vendor Management