Information Security Abbrevations

Below is a list of commonly used abbrevations. These are not unique just to penetration testing or information security; We have included those associated with anything related to a penetration test project.

AAA	Authentication, Authorization, and Accounting
AC	Actual Cost
ACDF	Access Control Decision Function
ACI	Access Control Information
ACL	Access Control List
ACWP	Actual Cost of Work Performed
AD	Active Directory/Activity Description
ADM	Arrow Diagramming Method
AES	Advanced Encryption Standard
AF	Actual Finish Date
ADRP	Army's DISN Router Program
ADSL	Asymmetric Digital Subscriber Line
AFIWC	Air Force Information Warfare Center
AH	Authentication Header
AIS	Automated Information System
API	Application Program Interface
ASCII	American Standard Code for Information Interchange
ANS1	Abstract Syntax Notation
ARP	Address Resolution Protocol
AS	Actual Start Date
ATM	Asynchronous Transfer Mode
AV	Antivirus
BAC	Budget at Completion
BAPI	Biometrics Application Program Interface
BCA	Bridge Certificate Authority
BCWP	Budgeted Cost of Work Performed
BCWS	Budgeted Cost of Work Scheduled
BIOS	Basic Input/Output System
BN	Backbone Network
BOM	Bill of Materials
BOOTP	Boot Protocol
BSD	Berkley Software Design
C&A	Certification and Accreditation
C/AII	Corporate/Agency Information Infrastructure
C2	Command and Control
C4I	Command, Control, Communications, Computer, and Intelligence
CA	Certification Authority/Control Account
CALEA	Communications Assistance for Law Enforcement Act
CAN	Campus Area Network
CAP	Control Account Plan
CAPI	Cryptographic Application Programming Interface
CAT	Common Authentication Technology
CAW	Certificate Authority Workstation
CC	Common Criteria
CCB	Change Control Board
CCE	Common Configuration Enumeration
CCI	Controlled Cryptographic Item
CDMA	Code Division Multiple Access
CDR	Critical Design Review
CDSA	Common Data Security Architecture
CERT	Computer Emergency Response Team
CFD	Common Fill Devices
CGE	Cisco Global Exploiter
CGI	Common Gateway Interface
CH	Correspondence Host
CI	Cryptographic Interface/Configuration Item
CIO	Chief Information Officer
CIAC	Computer Incident Advisory Capability
CIDF	Common Instruction Detection Framework
CIK	Crypto-Ignition Key
CIRT	Computer Incident Response Team
CISO	Chief Information Security Officer
CKL	Compromised Key List
CM	Configuration Management
CMA	Certificate Management Authority
CMI	Certificate Management Infrastructure
CMIP	Common Management Information Protocol
CMP	Certificate Management Protocols
CMS	Certificate Management Systems
CMUA	Certificate Management User Agent
COA	Course of Action
COE	Common Operating Environment
COMSEC	Communications Security
CONOPS	Concept of Operations
COQ	Cost of Quality
CORBA	Common Object Request Broker Architecture
COTS	Commercial-Off-The-Shelf
CP	Certificate Policy/Critical Path
CPF	Cost Plus Fee
CPI	Cost Performance Index
CPM	Critical Path Method
CPS	Certification Practice Statement
CRL	Certificate Revocation List
CSA	Computer Security Act
CSP	Cryptographic Service Provider
CSRA	Critical Security Requirement Areas
CSSM	Common Security Services Manager
CTO	Chief Technology Officer
CV	Compliance Validation/Cost Variance
CVE	Common Vulnerability and Exposures
CVI	Compliance Validation Inspection
CVSD	Continuously Variable Slope Detection
CVSS	Common Vulnerability Scoring System
CWBS	Contract Work Breakdown Structure
CWE	Common Weakness Enumeration
DAA	Designated Approving Authority
DAC	Discretionary Access Control
DAP	Directory Access Protocol
DD	Data Date
DER	Distinguished Encoding Rules
DES	Data Encryption Standard
DHCP	Dynamic Host Control Protocol
DIT	Directory Information Tree
DMS	Defense Messaging System
DMZ	Demilitarized Zone
DN	Distinguished Name
DNS	Domain Name Server
DNSSEC	Domain Name System Security
DOS	Denial of Service
DSA	Directory Service Agents
DU	Duration
EAC	Estimate at Completion
EAL	Evaluation Assurance Level
ECAs	External Certificate Authorities
EF	Early Finish Date
EKMS	Electronic Key Management System
EMV	Expected Monetary Value
ESM	Encapsulating Security Management
ES	Early Start Date
ESP	Encapsulating Security Payload
ETC	Estimate to Complete
EUT	End User Terminal
EV	Expected Value/Earned Value
FedCIRC	Federal Computer Incident Response Center
FF	Finish-to-Finish/Free Float
FFP	Firm-Fixed-Price
FIPS	Federal Information Processing Standards
FIRST	Forum of Incident Response and Security Team
FISMA	Federal Information Processing Standards
FMEA	Failure Mode and Effect Analysis
FPIF	Fixed-Price-Incentive-Fee
FrSIRT	French Security Incident Response Team
FS	Finish-to-Start
FSRS	Functional Security Requirements for Specification
FTP	File Transfer Protocol
FW	Firewall
GSAKMP	Group Service Association Key Management Protocol
GUI	Graphical User Interface
GULS	General Upper Layer Security
HAG	High Assurance Guard
HF	High Frequency
HTML	Hyper Text Markup Language
HTTP	Hyper Text Transfer Protocol
I&A	Identification and Authentication
IA	Information Assurance
IAM	INFOSEC Assessment Methodology
IATF	Information Assurance Technical Framework
IBAC	Identity Based Access Control
IC	Intelligence Community
ICMP	Internet Control Message Protocol
ICRLA	Indirect Certificate Revocation List Authority
ID	Identifier
IDPS	Intrusion Detection and Prevention System
IDS	Intrusion Detection System
IDUP	Independent Data Unit Protection
IEEE	Institute of Electrical and Electronics Engineers
IEM	INFOSEC Evaluation Methodology
IETF	Internet Engineering Task Force
IFB	Invitation for Bid
IIS	Internet Information Server
IKE	Internet Key Exchange
ILS	Integrated Logistics Support
IMAP	Internet Mail Access Protocol
INE	Inline Network Encryptor
INFOSEC	Information Security
IP	Internet Protocol
IPN	Information Protection Network
IPS	Intrusion Prevention System
IPSec	Internet Protocol Security
IPX	Internet Packet Exchange
IR	Infrared
IS	Information Systems
ISAKMP	Internet Security Association and Key Management Protocol
ISDN	Integrated Services Digital Network
ISO	International Organization for Standardization
ISSAF	Information System Security Assessment Framework
ISSO	Information Systems Security Organization
IT	Information Technology
ITL	Information Technology Laboratory
IW	Information Warfare
KMI	Key Management Infrastructure
LAN	Local Area Network
LDAP	Lightweight Directory Access Protocol
LDM/KP	Local Management Device/Key Processor
LF	Late Finish Date
LOE	Level of Effort
LPD	Low Probability of Detection
LPI	Low Probability of Intercept
LRA	Local Registration Authority
LS	Late Start Date
MAC	Mandatory Access Control
MAN	Metropolitan Area Network
MD5	Message Digest 5
MILS	Multiple, Independent Security Levels
MIME	Multipurpose Internet Mail Extension
MSN	Mission Needs Statement
MoE	Measure of Effectiveness
MSP	Message Security Protocol
MTA	Message Transfer Protocol
MTS	Message Transfer System
NAT	Network Address Translation
NES	Network Encryption System
NIC	Network Interface Card
NIS	Network Information System
NIPC	National Infrastructure Protection Center
NIST	National Institute of Standards and Technology
NOS	Network Operating System
NSA	Network Security Agency
NSF	Network Security Framework
NVD	National Vulnerability Database
OBS	Organizational Breakdown Structure
OD	Original Duration
OIG	Office of Inspector General
OMB	Office of Management and Budget
OPSEC	Operational Security
ORD	Operational Requirements Documents
OS	Operating System
OSI	Open Systems Interconnection
OSSTMM	Open Source Security Testing Methodology Manual
OWASP	Open Web Application Security Project
P2P	Peer-to-Peer
PAA	Policy Approving Authority
PBX	Private Branch Exchange
PC	Percent Complete
PCA	Policy Creation Authority
PCI	Protocol Control Information
PDA	Personal Digital Assistant
PDM	Precedence Diagramming Method
PERL	Practical Extraction and Reporting Language
PF	Planned Finish Date
PGP	Pretty Good Privacy
PII	Personally Identifiable Information
PIN	Personal Identification Number
PKCS	Public Key Cryptographic Standards
PKI	Public Key Infrastructure
PM	Project Manager/Project Management
PMA	Policy Management Authority
PMBOK	Project Management Body of Knowledge
PMIS	Project Management Information System
PMO	Project Management Office
PMP	Project Management Professional
PPP	Point-to-Point Protocol
PS	Planned Start Date
PSTN	Public Switched Telephone Network
PSWBS	Project Summary Work Breakdown Structure
PV	Planned Value
QA	Quality Assurance
QC	Quality Control
QOS	Quality of Service
RADIUS	Remote Access Dial In User Service
RAM	Responsibility Assignment Matrix
RBAC	Rule Based Access Control
RBR	Rule-Based Reasoning
RBS	Resource Breakdown Structure/Risk Breakdown Structure
RD	Remaining Duration
RFC	Request for Comment
RFP	Request for Proposal
RFQ	Request for Quotation
ROE	Rules of Engagement
RTM	Requirements Traceability Matrix
S/MIME	Secure/Multipurpose Internet Mail Extension
SCADA	Supervisory Control and Data Acquisition
SCAP	Security Content Automation Protocol
SDD	Secure Data Device
SDE	Secure Data Exchange
SDLC	System Development Life Cycle
SET	Secure Electronic Transaction
SF	Scheduled Finish Date/Start to Finish
SFTP	Secure File Transfer Protocol
SHA	Secure Hashing Algorithm
SID	System Identfication
SIP	Session Initiation Protocol
SKM	Symmetric Key Management
SLA	Service Level Agreements
SMB	Server Message Block
SME	Subject Matter Expert
SMI	Security Management Infrastructure
SMIB	Security Management Information Base
SMTP	Simple Mail Transfer Protocol
SNMP	Simple Network Management Protocol
SOW	Statement of Work
SPG	Security Program Group
SPI	Schedule Performance Index
SS	Scheduled Start Date/Start to Start
SSA	System Security Administrator
SSAA	System Security Authorization Agreement
SSH	Secure Shell
SSID	Service Set Identifier
SSL	Secure Sockets Layer
SSN	Social Security Number
STE	Security Test and Evaluation
SV	Schedule Variance
SWOT	Strengths, Weaknesses, Opportunities, and Threats
TC	Target Completion Date
TCB	Trusted Computing Base
TCP	Transmission Control Protocol
TCP/IP	Transmission Control Protocol/Internet Protocol
TDMA	Time Division Multiple Access
TF	Target Finish Date/Total Float
TFTP	Trivial File Transfer Protocol
TLS	Transport Layer Security
TM	Time and Material
TOE	Target of Evaluation
TPEP	Trust Product Evaluation Program
TQM	Total Quality Management
TS	Target Start Date
TTP	Trusted Third Party
UDP	User Datagram Protocol
URL	Uniform Resource Locator
USB	Universal Serial Bus
VE	Value Engineering
VM	Virtual Machine
VoIP	Voice over Internet Protocol
VPN	Virtual Private Network
WAN	Wide Area Network
WBS	Work Breakdown Structure
WEP	Wired Equivalent Privacy
WIDPS	Wireless Intrusion Detection and Prevention System
WIFI	Wireless Fidelity
WLAN	Wireless Local Area Network
WPA	Wi-Fi Protected Access
WVE	Wireless Vulnerabilities and Exploits
XML	Extensible Markup Language