Acronym List

Acronyms Page 1 of 2
Please note that this is not an all-inclusive list of acronyms.

Third Party Assessment Contract Team Official Enterprise System

3PAO COR ESM
Organization Representative Management
American Association of COS Chief of Staff Estimated Value
A2LA EVM
Laboratory Accreditation Management
CIO- Chief Information Officer-
AA Annual Assessment Federal Acquisition
SP4 Solutions and Partners 4 FAR
Regulations
Association for the Cooperative Project
CPA FAQ Frequently Asked Question
AAHR Accreditation of Human Assurance
PP Research Protection Computerized Patient Record Federal Accounting Standards
CPRS FASB
Programs System Board
Authenticator Assurance CRAD Cooperative Research and FCOI Financial Conflict of Interest
AAL
Level A Development Agreement
Food and Drug
ACOS Associate Chief of Staff CRAD Chief Research and FDA
Administration
O Development Officer
ADI FDA Amendments Act of
CRF Case Report Form FDAAA
2007
ADR Adverse Drug Reaction Contract Research Fabrication, Falsification, and
CRO FFP
AE Adverse Event Organization Plagiarism
Commercial Service Federal Information
AFCEA CSA FIPS
Agreement Processing Standard
American Health Information CSP Cooperative Studies Program Federal Information Security
AHIC FISMA
Community Management Act
CT Clinical Trial
AMPL FHIR
Cooperative Technology
AO Administrative Officer CTAA Financial Management
Administration Agreement FMS
System
APELO CVA Content Variance Analysis
N FOIA Freedom of Information Act
Chief Veterinary Medical
American Veterinary Medical CVMO (VA) Field Research Advisory
AVMA Officer FRAC
Association Committee
Business Associate CY Calendar Year Full-time Employee
BAA FTEE
Agreement CYA Call Your Attorney Equivalent (FTE)
CACI Designated Agency Ethics FWA Federalwide Assurance
DAEO
Community Based Outpatient Official FY Fiscal Year
CBOC
Clinic DARP Defense Advanced Research
Government Accountability
C-CDA A Projects Agency GAO
Office
DATA
Centers for Disease Control GCP Good Clinical Practice
CDC CALL
and Prevention
Data Consent Committee General Dynamics
CDS Clinical Decision Support DCC GDIT
(HIPAA abbreviation) Information Technology
CDW Clinical Data Warehouse DCAA The Genomic Informatics
GenIsis System for Integrative
CEO Chief Executive Officer DFAS Science
Comparative Effectiveness Department of Health and GMPA Genomic Medicine Program
CER DHHS
Research Human Services C Advisory Committee
CFR Code of Federal Regulations Department of Homeland Genetics and Public Policy
DHS GPPC
Security Center
Clinical Health Data
CHDR DMC Data Monitoring Committee GSA
Repository
CIDMO DoD Department of Defense GUI
Clinical Information Modeling DOR Determination of Rights GWAC
CIMI S
Initiative
DSL Digital Subscriber Line HCP Health Care Provider
CIO Chief Information Officer
Council for International DSMB Data Safety Monitoring Board Department of Health and
HHS
CIOMS Organizations and Medical Designated Standard Human Services
Science Maintenance Organization HIMSS
DSMO
CIP Certified IRB Professional (HIPAA abbreviation)
Health Insurance Portability
HIPAA
Central Institutional Review and Accountability Act
CIRB DSSR Department of State
Board Health Integrity and
Standardized Regulations HIPDB
Collaborative IRB Training Protection Data Bank
CITI DUA Data Use Agreement
Initiative Health Information Service
HISP
Clinical Laboratory Deputy Under Secretary for Provider
CLIA DUSH
Improvement Amendment Health Health Information
HITEC
CO Central Office ECFV Educational Commission of Technology for Economic
H
G Foreign Veterinary Graduates and Clinical Health
COAC Center on Advice &
H Compliance Help EGOS HITSP
COI Conflict of Interest Emergency Management HL7
EMCC
Coordination Cell
Acronyms Page 2 of 2
 Human Protections (obsolete – refer to FWA) Education
HPA
Administrator MT Material Transfer Occupational Safety & Health
OSHA
HRO High Reliability Organization Administration
MTA Material Transfer Agreement
PA Privacy Act
HRP Human Research Protection
MVP Million Veteran Program
Human Research Protection PB Privacy Board
HRPP National Association of
Program NAVR PDUS Principal Deputy Under
Veteran Research and
Human Subjects Research EF H Secretary for Health
Education Foundations
Subcommittee (of the PHI Protected Health Information
HSRS Committee on Science, White National Bioethics Advisory
NBAC
House National Science and Commission Public Health Information
PHIE
Technology Council) NCI National Cancer Institute Exchange
Partnership for Human
IAA Inter-Agency Agreement NCMA PHRP
Research Protection
Information Access and National Committee for PHS Public Health Service
IAP NCQA
Privacy Quality Assurance
IC Information Custodian New England Anti-Vivisection PI Principal Investigator
NEAVS
Society PO Privacy Officer
ICD Informed Consent Document National Human Genome
NHGRI POP Period of Performance
ICD 10 Research Institute
National Health Physics PRIM& Public Responsibility in
ICF Informed Consent Form NHPP
Program R Medicine & Research
International Conference on NIH National Institutes of Health Post Traumatic Stress
ICH PTSD
Harmonisation Disorder
National Institute of
Investigational Device NIST Privacy Violation Tracking
IDE Standards and Technology PVTS
Exemption System
NIH Information Technology
Indefinite Delivery Indefinite NITAA QA Quality Assurance
IDIQ Acquisition and Assessment
Quality C
Center QI Quality Improvement
IG Inspector General
NLB National Leadership Board
IND Investigational New Drug QMS Quality Management System
NPC Non Profit Corporations Quality Enhancement
IO Institutional Official (VA) National Research QUERI
NRAC Research Initiative
Intergovernmental Personnel Advisory Council R&D Research and Development
IPA
Act Nuclear Regulatory
NRC Research Assurance &
IRB Institutional Review Board Commission
RACO Compliance Officer (VISN
Information Resources NSF National Science Foundation Level)
IRM
Management Non-Significant Risk (device Research Administrative
NSR RAMS
International Society of studies) Management System
ISBER Biological and Environmental NTRT RC Regional Council
Repositories
Office of Biotechnology RCI
ISO Information Security Officer OBA
Activities
ISO Research Compliance Officer
OCIO RCO
9001 (Facility Level)
OEF Operation Enduring Freedom Responsible Conduct of
IT Information Technology RCR
Research
Office of Extramural
Information Technology OER RCS Records Control Schedule
ITOC Research
Oversight and Compliance
OGC Office of General Council RFA Request for Application
JLV
Office of Governmental RFI Request for Information
KBS OGE
Ethics
Legally Authorized Office for Human Research RFP Request for Proposal
LAR OHRP
Representative Protections (HHS) RIO Research Integrity Officer
LDS Limited Data Set Office of Information and
OI&T Research Information
Technology RIPP
LOI Letter of Intent Protection Program
OIF Operation Iraqi Freedom
Logistics Management RO Regional Office
LMI Office of the Inspector
Incorporation OIG
General RTEP
LSI Local Site Investigator Office of Management &
OMB Secretary’s Advisory
Budget SACH
MAS Committee on Human
Office of the National RP
Massachusetts Veterans ONC Research Protections (HHS)
MAVE Coordinator
Epidemiology Research and SAE Serious Adverse Event
RIC Office of Research and
Information Center ORD
Development (VHA) SAIC
MCD Medical Center Director Office of Research Integrity
ORI Statement on Accounting
(HHS) SAS
MDM Mobile Device Management Standards
Office of Research Oversight
MED ORO SC Study Chair
(VHA)
RT ORO Office of Research Oversight Standards Development
Memorandum of SDO
MOU RO Regional Office Organization
Understanding ORPP Office of Research SDVO Service Connected Disability
MPA Multiple Project Assurance &E Protections, Policy, and SB Veteran Owned Small

Acronyms Page 3 of 2
 Business VDIF
System Interconnection
SIA Veterans Health
Agreement VHA
Administration
SLA Service Level Agreement Veterans Health Information
VHIE
SMAR Site Mentoring Advice and Exchange
T Resource Team Veteran’s Informatics and
VINCI
SME Subject Matter Expert Computing Infrastructure
Veterans Integrated Service
SMI Serious Mental Illness VISN
Network
SNC Serious Noncompliance VISP
SNOM Veterans Health Information
ED VistA Systems & Technology
SOCO Architecture
R VIT
Standard Operating
SOP VMU Veterinary Medical Unit
Procedure
SOP Scope of Practice Veterans Service
VSO
Organization
SOR Systems of Record WBS Work Breakdown Structure
SOW Statement of Work Women Owned Small
WOSB
Single Project Assurance Business
SPA
(obsolete – refer to FWA) WOC Without Compensation
SR Significant Risk
Standards Related
SRO
Organization
Subcommittee on Research
SRS
Safety
SSN Social Security Number
SWIM
LENTH
S
TA Teaming Agreement
T4NG
TBI Traumatic Brain Injury
TRW
Terminology Standards and
TSS
Support
TTP Technology Transfer Program
UAE Unanticipated Adverse Event
UAP Unanticipated Problem
3PAO Third Party Assessment
UAT User Acceptance Testing Organization
URL Universal Resource Locator A2LA American Association of Laboratory
Accreditation
USC United States Code AA Annual Assessment
United States Computer fedramp.gov page 1
US- Emergency Readiness Team Master Acronyms and Glossary
CERT (Department of Homeland AAL Authenticator Assurance Level
Security) AC Access Control (security control family)
United States Department of ACL Access Control List
USDA AICPA American Institute of Certified
Agriculture
Public Accountants
USH Under Secretary for Health AO Authorizing Official
Department of Veterans API Application Programming Interface
VA
Affairs APL Approved Products List (DoD)
VACO VA Central Office ASHRAE American Society of Heating,
Refrigerating and Air-conditioning
VADP VA API developer platform Engineers
VA Interoperability in AT Awareness and Training (security
VAIL control family)
Leadership
VA Interoperability in ATO Authority to Operate
VAIR AU Audit and Accountability (security
Roadmap
control family)
VAPI VA Protected Information
BCP Business Continuity Plan
VASI VA Sensitive Information BCR Baltimore Cyber Range
VA- VA Security Operations BIA Business Impact Analysis / Business
SOC Officer Impact Assessment

Acronyms Page 4 of 2
BOD Binding Operational Directive (DHS)
BPA Blanket Purchase Agreement
C&A Certification and Accreditation
CA Security Assessment and
Authorization (security control family)
CAC Common Access Card
CAP Corrective Action Plan
CAPTCHA Completely Automated Public
Turing test to tell Computers and Humans
Apart
CCB Change Control Board /
Configuration Control Board
CDM Continuous Diagnostics and
Mitigation
CD-ROM Compact Disc Read-Only
Memory
CERT Computer Emergency Readiness
Team
CI Configuration Item
CI/CD Continuous Integration/Continuous
Deployment
CIA Confidentiality, Integrity, Availability
CIDR Classless Inter-Domain Routing
CIM Common Information Model
CIO Chief Information Officer
CIOC Chief Information Officer Council
CIRT Computer Incident Response Team
CIS Control Implementation Summary
CISO Chief Information Security Officer
CLI Command Line Interface
CM Configuration Management (security
control family)
CMMI Capability Maturity Model
Integration
CMP Configuration Management Plan
CMVP Cryptographic Module Validation
Program
CO Contracting Officer
CoLo Co Location
ConMon Continuous Monitoring
CONOPS Concept of Operations
CONUS Continental/Contiguous United
States
COOP Continuity of Operations Plan
COR Contracting Officer’s Representative
COTS Commercial Off-The-Shelf
CP Contingency Planning (security control
family)
CPC Contingency Planning Coordinator
CPD Contingency Planning Director
CR Change Request
CRM Customer Responsibility Matrix or
Customer Relationship Management
CSA Cloud Security Alliance
CSIRC Computer Security Incident
Response Center
CSO Cloud Service Offering
CSP Cloud Service Provider
CSV Comma Separated Values
CTO Chief Technology Officer
CTW Control Tailoring Workbook
CUI Controlled Unclassified Information
CVE Common Vulnerabilities and
Exposures
CVSS Common Vulnerability Scoring
System
D&A Document and Assess (LI-SaaS)
DAA Designated Approving Authority
DAS Direct Attached Storage
DDoS Distributed Denial of Service
DFR Detailed Finding Review
DHCP Dynamic Host Configuration
Protocol
DHS Department of Homeland Security
DISA Defense Information Systems
Agency
DMZ Demilitarized Zone
DNS Domain Name System / Domain
Name Server
DNSSEC Domain Name System Security
Extensions
DoD Department of Defense
DoH DNS over HTTPS
DoS Denial of Service
DoT DNS over TLS
DR Deviation Request
DS Database Scan
EA Enterprise Architecture (OMB)
E-Authentication Electronic Authentication
E-Discovery Electronic Discovery
EC-Council International Council of
Electronic Commerce Consultants
ECSB Enterprise Cloud Service Broker
ESI Electronically Stored Information
FAL Federation Assurance Level
FAQ Frequently Asked Questions
FAR Federal Acquisition Regulation
FDCCI Federal Data Center Consolidation
Initiative
FDIC Federal Deposit Insurance
Corporation
FED Federal Government
FedRAMP Federal Risk and Authorization
Management Program
FFRDC Federally Funded Research and
Development Center
FICAM Federal Identity, Credential, and
Access Management
FIPS Federal Information Processing
Standards
FIPS PUB Federal Information Processing
Standard Publication
FISMA Federal Information Security
Management Act (2002)
FISMA Federal Information Security
Modernization Act (2014)
FOC Final Operating Capability
FOIA Freedom of Information Act
FP False Positive
FPS Federal Protective Service
FRA Federal Records Act
FTP File Transfer Protocol
GFI Government Furnished Information
GIAC Global Information Assurance
Certification
GMT Greenwich Mean Time
GSA General Services Administration
GSS General Support System
GUI Graphical User Interface
HF High Frequency
HIDS Host Intrusion Detection System
HIPAA Health Insurance Portability and
Accountability Act
HIPS Host Intrusion Prevention System
HRT Hardware Recovery Team
HSM Hardware Security Module
HSPD Homeland Security Presidential
Directive
HSTS HTTP Strict Transport Security
HTTP Hypertext Transfer Protocol
HW Hardware
IA Identification and Authentication
(security control family)
IA Independent Auditor / Assessor
IAA Inter-Agency Agreement
IaaS Infrastructure as a Service
IAL Identity Assurance Level
Acronyms
IAO Independent Assessment
Organizations
IAP Internet Access Points
IAW In Accordance With
ID Identification
IG Inspector General
IOC Initial Operating Capability
IP Internet Protocol
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IPSec Internet Protocol Security
IPT Integrated Product Team
IR Incident Response (security control
family)
IRP Incident Response Plan
IS Information System
ISA Interconnection Security Agreement
ISCP Information System Contingency
Plan
iSCSI Internet Small Computer System
Interface
ISConMon Information Security
Continuous Monitoring
ISIMC Information Security and Identity
Management Committee
ISO/IEC International Organization for
Standardization / International
Electrotechnical Commission
ISP Internet Service Provider
ISPP Information Security Policies and
Procedures
ISSO Information System Security Officer
IT Information Technology
ITCP IT Contingency Plan
IV&V Independent Verification and
Validation
IXP Internet Exchange Point
JAB Joint Authorization Board (FedRAMP)
JSON JavaScript Object Notation
LAN Local Area Network
LDAP Lightweight Directory Access
Protocol
LI-SaaS Low Impact Software as a Service
LMS Learning Management System
MA Maintenance (security control family)
MAC Media Access Control
MAX MAX.gov (Secure Repository)
MFA Multi-Factor Authentication
MOA Memorandum of Agreement
MOU Memorandum of Understanding
MP Media Protection (security control
family)
MSSP Managed Security Service Provider
MT Manual Test
MTIPS Managed Trusted IP Service
N/A Not Applicable
NARA National Archives and Records
Administration
NAS Network Attached Storage
NAT Network Address Translation
NDA Non-Disclosure Agreement
NetBIOS Network Basic Input/Output
System
NFPA National Fire Protection Association
NGO Non-Governmental Organization
NIAP National Information Assurance
Partnership
NIS Network Information System
NISP National Industrial Security Program
NIST National Institute of Standards and
Technology
NIST SP NIST Special Publication
NNTP Network News Transfer Protocol
NOC Network Operations Center
Page 5 of 2
NPPD National Protection and Programs
Directorate (DHS)
NSA National Security Agency
NTP Network Time Protocol
NTTAA National Technology Transfer and
Advancement Act
NVD National Vulnerability Database
NVI NAT Virtual Interface
ODAL Outage and Damage Assessment
Lead
OEP Occupant Emergency Plan
OGC Office of the General Counsel
OIG Office of the Inspector General
OMB Office of Management and Budget
OR Operational Requirement
OS Operating System
OSINT Open Source Intelligence
OSCAL Open Security Controls
Assessment Language
OSCP Online Certificate Status Protocol
OWASP Open Web Application Security
Project
P&P Policies and Procedures
PA Provisional Authorization
PaaS Platform as a Service
P-ATO Provisional Authority to Operate
PCI Payment Card Industry (Data Security
Standard)
PDF Portable Document Format
PDS Protective Distribution System
PE Physical and Environmental Protection
(security control family)
PHI Protected Health Information
PIA Privacy Impact Assessment
PII Personally Identifiable Information
PIV Personal Identity Verification
PKI Public Key Infrastructure
PL Planning (security control family)
PL Public Law
PLC Procurement and Logistics
Coordinator
PM Program Management
PMO Program Management Office
POA&M Plan of Action and Milestones
POC Point of Contact
POSIX Portable Operating System
Interface
PS Personnel Security (security control
family)
PTA Privacy Threshold Analysis
PTR Penetration Test Report
PUB Publication
QA Quality Assurance
QC Quality Control
QM Quality Management
RA Risk Assessment (security control
family)
RA Risk Adjustment
RAR Readiness Assessment Report
RBAC Role-Based Access Control
RFC Request for Change
RFI Request for Information
RFP Request for Proposal
RFQ Request for Quotation
RIP Routing Information Protocol
RMF Risk Management Framework
ROB Rules of Behavior
ROE Rules of Engagement
ROI Return On Investment
RP Relying Party
RTO Recovery Time Objective
SA System and Services Acquisition
(security control family)
SaaS Software as a Service
SAF Security Assessment Framework
SAML Security Assertion Markup
Language
SAN Storage Area Network
SAP Security Assessment Plan
SAR Security Assessment Report
SAS Security Assessment Support
SC System and Communications
Protection (security control family)
SC Security Coordinator
SCAP Security Content Automation
Protocol
SCR Significant Change Request
SCSI Small Computer System Interface
SD Secure Digital
SDLC System Development Life Cycle
SI System and Information Integrity
(security control family)
SIA Security Impact Analysis
SIEM Security Information and Event
Management
SLA Service Level Agreement
SME Subject Matter Expert
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SO System Owner
SOC Security Operations Center
SOC System and Organization Controls
(AICPA)
SOP Standard Operating Procedure
SORN System of Records Notice
SP Service Processor
SQL Structured Query Language
SRT Software Recovery Team
SSL Secure Sockets Layer
SSO Single Sign-On
SSP System Security Plan
SDO Standards Developing Organization
SW Software
TAA Trade Agreements Act
TCP Transmission Control Protocol
TFTP Trivial FTP
TIC Trusted Internet Connection
TICAP Trusted Internet Connection
Access Providers
TLD Top Level Domain
TLS Transport Layer Security
TOS Terms of Service
TP Test Plan
TR Technical Representative / Reviewer
TT Telecommunications Team
TTS Technology Transformation Services
UHF Ultra-High Frequency
UDP User Datagram Protocol
UPS Uninterruptible Power Supply
US United States
USGCB United States Government
Configuration Baseline
URL Uniform Resource Locator
USB Universal Serial Bus
USC United States Code
US-CERT United States Computer
Emergency Readiness Team
UTC Universal Time Coordinated
UUCP Unix-to-Unix Copy Protocol
VD Vendor Dependency
VHF Very High Frequency
VLAN Virtual Local Area Network
VM Virtual Machine
VPN Virtual Private Network
VoIP Voice over Internet Protocol
WAN Wide Area Network
XML Extensible Markup Language
Acronyms Page 6 of 2