Acronyms Page 1 of 2
Please note that this is not an all-inclusive list of acronyms.
Business
SIA System Interconnection Agreement
SLA Service Level Agreement
SMART Site Mentoring Advice and Resource Team
SME Subject Matter Expert
SMI Serious Mental Illness
SNC Serious Noncompliance
SNOMED
SOCOR
SOP Standard Operating Procedure
SOP Scope of Practice
SOR Systems of Record
SOW Statement of Work
SPA Single Project Assurance (obsolete – refer to FWA)
SR Significant Risk
SRO Standards Related Organization
SRS Subcommittee on Research Safety
SSN Social Security Number
SWIMLENTHS
TA Teaming Agreement
T4NG
TBI Traumatic Brain Injury
TRW
TSS Terminology Standards and Support
TTP Technology Transfer Program
UAE Unanticipated Adverse Event
UAP Unanticipated Problem
UAT User Acceptance Testing
URL Universal Resource Locator
USC United States Code
US-CERT United States Computer Emergency Readiness Team (Department of Homeland Security)
USDA United States Department of Agriculture
USH Under Secretary for Health
VA Department of Veterans Affairs
VACO VA Central Office
VADP VA API developer platform
VAIL VA Interoperability in Leadership
VAIR VA Interoperability in Roadmap
VAPI VA Protected Information
VASI VA Sensitive Information
VA-SOC VA Security Operations Officer
VDIF
VHA Veterans Health Administration
VHIE Veterans Health Information Exchange
VINCI Veteran’s Informatics and Computing Infrastructure
VISN Veterans Integrated Service Network
VISP
VistA Veterans Health Information Systems & Technology Architecture
VIT
VMU Veterinary Medical Unit
VSO Veterans Service Organization
WBS Work Breakdown Structure
WOSB Women Owned Small Business
WOC Without Compensation

Master Acronyms and Glossary
fedramp.gov page 1

3PAO Third Party Assessment Organization
A2LA American Association of Laboratory Accreditation
AA Annual Assessment
AAL Authenticator Assurance Level
AC Access Control (security control family)
ACL Access Control List
AICPA American Institute of Certified Public Accountants
AO Authorizing Official
API Application Programming Interface
APL Approved Products List (DoD)
ASHRAE American Society of Heating, Refrigerating and Air-conditioning Engineers
AT Awareness and Training (security control family)
ATO Authority to Operate
AU Audit and Accountability (security control family)
BCP Business Continuity Plan
BCR Baltimore Cyber Range
BIA Business Impact Analysis / Business Impact Assessment
BOD Binding Operational Directive (DHS)
BPA Blanket Purchase Agreement
C&A Certification and Accreditation
CA Security Assessment and Authorization (security control family)
CAC Common Access Card
CAP Corrective Action Plan
CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart
CCB Change Control Board / Configuration Control Board
CDM Continuous Diagnostics and Mitigation
CD-ROM Compact Disc Read-Only Memory
CERT Computer Emergency Readiness Team
CI Configuration Item
CI/CD Continuous Integration/Continuous Deployment
CIA Confidentiality, Integrity, Availability
CIDR Classless Inter-Domain Routing
CIM Common Information Model
CIO Chief Information Officer
CIOC Chief Information Officer Council
CIRT Computer Incident Response Team
CIS Control Implementation Summary
CISO Chief Information Security Officer
CLI Command Line Interface
CM Configuration Management (security control family)
CMMI Capability Maturity Model Integration
CMP Configuration Management Plan
CMVP Cryptographic Module Validation Program
CO Contracting Officer
CoLo Co Location
ConMon Continuous Monitoring
CONOPS Concept of Operations
CONUS Continental/Contiguous United States
COOP Continuity of Operations Plan
COR Contracting Officer’s Representative
COTS Commercial Off-The-Shelf
CP Contingency Planning (security control family)
CPC Contingency Planning Coordinator
CPD Contingency Planning Director
CR Change Request
CRM Customer Responsibility Matrix or Customer Relationship Management
CSA Cloud Security Alliance
CSIRC Computer Security Incident Response Center
CSO Cloud Service Offering
CSP Cloud Service Provider
CSV Comma Separated Values
CTO Chief Technology Officer
CTW Control Tailoring Workbook
CUI Controlled Unclassified Information
CVE Common Vulnerabilities and Exposures
CVSS Common Vulnerability Scoring System
D&A Document and Assess (LI-SaaS)
DAA Designated Approving Authority
DAS Direct Attached Storage
DDoS Distributed Denial of Service
DFR Detailed Finding Review
DHCP Dynamic Host Configuration Protocol
DHS Department of Homeland Security
DISA Defense Information Systems Agency
DMZ Demilitarized Zone
DNS Domain Name System / Domain Name Server
DNSSEC Domain Name System Security Extensions
DoD Department of Defense
DoH DNS over HTTPS
DoS Denial of Service
DoT DNS over TLS
DR Deviation Request
DS Database Scan
EA Enterprise Architecture (OMB)
E-Authentication Electronic Authentication
E-Discovery Electronic Discovery
EC-Council International Council of Electronic Commerce Consultants
ECSB Enterprise Cloud Service Broker
ESI Electronically Stored Information
FAL Federation Assurance Level
FAQ Frequently Asked Questions
FAR Federal Acquisition Regulation
FDCCI Federal Data Center Consolidation Initiative
FDIC Federal Deposit Insurance Corporation
FED Federal Government
FedRAMP Federal Risk and Authorization Management Program
FFRDC Federally Funded Research and Development Center
FICAM Federal Identity, Credential, and Access Management
FIPS Federal Information Processing Standards
FIPS PUB Federal Information Processing Standard Publication
FISMA Federal Information Security Management Act (2002)
FISMA Federal Information Security Modernization Act (2014)
FOC Final Operating Capability
FOIA Freedom of Information Act
FP False Positive
FPS Federal Protective Service
FRA Federal Records Act
FTP File Transfer Protocol
GFI Government Furnished Information
GIAC Global Information Assurance Certification
GMT Greenwich Mean Time
GSA General Services Administration
GSS General Support System
GUI Graphical User Interface
HF High Frequency
HIDS Host Intrusion Detection System
HIPAA Health Insurance Portability and Accountability Act
HIPS Host Intrusion Prevention System
HRT Hardware Recovery Team
HSM Hardware Security Module
HSPD Homeland Security Presidential Directive
HSTS HTTP Strict Transport Security
HTTP Hypertext Transfer Protocol
HW Hardware
IA Identification and Authentication (security control family)
IA Independent Auditor / Assessor
IAA Inter-Agency Agreement
IaaS Infrastructure as a Service
IAL Identity Assurance Level
IAO Independent Assessment Organizations
IAP Internet Access Points
IAW In Accordance With
ID Identification
IG Inspector General
IOC Initial Operating Capability
IP Internet Protocol
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IPSec Internet Protocol Security
IPT Integrated Product Team
IR Incident Response (security control family)
IRP Incident Response Plan
IS Information System
ISA Interconnection Security Agreement
ISCP Information System Contingency Plan
iSCSI Internet Small Computer System Interface
ISConMon Information Security Continuous Monitoring
ISIMC Information Security and Identity Management Committee
ISO/IEC International Organization for Standardization / International Electrotechnical Commission
ISP Internet Service Provider
ISPP Information Security Policies and Procedures
ISSO Information System Security Officer
IT Information Technology
ITCP IT Contingency Plan
IV&V Independent Verification and Validation
IXP Internet Exchange Point
JAB Joint Authorization Board (FedRAMP)
JSON JavaScript Object Notation
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LI-SaaS Low Impact Software as a Service
LMS Learning Management System
MA Maintenance (security control family)
MAC Media Access Control
MAX MAX.gov (Secure Repository)
MFA Multi-Factor Authentication
MOA Memorandum of Agreement
MOU Memorandum of Understanding
MP Media Protection (security control family)
MSSP Managed Security Service Provider
MT Manual Test
MTIPS Managed Trusted IP Service
N/A Not Applicable
NARA National Archives and Records Administration
NAS Network Attached Storage
NAT Network Address Translation
NDA Non-Disclosure Agreement
NetBIOS Network Basic Input/Output System
NFPA National Fire Protection Association
NGO Non-Governmental Organization
NIAP National Information Assurance Partnership
NIS Network Information System
NISP National Industrial Security Program
NIST National Institute of Standards and Technology
NIST SP NIST Special Publication
NNTP Network News Transfer Protocol
NOC Network Operations Center
NPPD National Protection and Programs Directorate (DHS)
NSA National Security Agency
NTP Network Time Protocol
NTTAA National Technology Transfer and Advancement Act
NVD National Vulnerability Database
NVI NAT Virtual Interface
ODAL Outage and Damage Assessment Lead
OEP Occupant Emergency Plan
OGC Office of the General Counsel
OIG Office of the Inspector General
OMB Office of Management and Budget
OR Operational Requirement
OS Operating System
OSINT Open Source Intelligence
OSCAL Open Security Controls Assessment Language
OSCP Online Certificate Status Protocol
OWASP Open Web Application Security Project
P&P Policies and Procedures
PA Provisional Authorization
PaaS Platform as a Service
P-ATO Provisional Authority to Operate
PCI Payment Card Industry (Data Security Standard)
PDF Portable Document Format
PDS Protective Distribution System
PE Physical and Environmental Protection (security control family)
PHI Protected Health Information
PIA Privacy Impact Assessment
PII Personally Identifiable Information
PIV Personal Identity Verification
PKI Public Key Infrastructure
PL Planning (security control family)
PL Public Law
PLC Procurement and Logistics Coordinator
PM Program Management
PMO Program Management Office
POA&M Plan of Action and Milestones
POC Point of Contact
POSIX Portable Operating System Interface
PS Personnel Security (security control family)
PTA Privacy Threshold Analysis
PTR Penetration Test Report
PUB Publication
QA Quality Assurance
QC Quality Control
QM Quality Management
RA Risk Assessment (security control family)
RA Risk Adjustment
RAR Readiness Assessment Report
RBAC Role-Based Access Control
RFC Request for Change
RFI Request for Information
RFP Request for Proposal
RFQ Request for Quotation
RIP Routing Information Protocol
RMF Risk Management Framework
ROB Rules of Behavior
ROE Rules of Engagement
ROI Return On Investment
RP Relying Party
RTO Recovery Time Objective
SA System and Services Acquisition (security control family)
SaaS Software as a Service
SAF Security Assessment Framework
SAML Security Assertion Markup Language
SAN Storage Area Network
SAP Security Assessment Plan
SAR Security Assessment Report
SAS Security Assessment Support
SC System and Communications Protection (security control family)
SC Security Coordinator
SCAP Security Content Automation Protocol
SCR Significant Change Request
SCSI Small Computer System Interface
SD Secure Digital
SDLC System Development Life Cycle
SI System and Information Integrity (security control family)
SIA Security Impact Analysis
SIEM Security Information and Event Management
SLA Service Level Agreement
SME Subject Matter Expert
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SO System Owner
SOC Security Operations Center
SOC System and Organization Controls (AICPA)
SOP Standard Operating Procedure
SORN System of Records Notice
SP Service Processor
SQL Structured Query Language
SRT Software Recovery Team
SSL Secure Sockets Layer
SSO Single Sign-On
SSP System Security Plan
SDO Standards Developing Organization
SW Software
TAA Trade Agreements Act
TCP Transmission Control Protocol
TFTP Trivial FTP
TIC Trusted Internet Connection
TICAP Trusted Internet Connection Access Providers
TLD Top Level Domain
TLS Transport Layer Security
TOS Terms of Service
TP Test Plan
TR Technical Representative / Reviewer
TT Telecommunications Team
TTS Technology Transformation Services
UHF Ultra-High Frequency
UDP User Datagram Protocol
UPS Uninterruptible Power Supply
US United States
USGCB United States Government Configuration Baseline
URL Uniform Resource Locator
USB Universal Serial Bus
USC United States Code
US-CERT United States Computer Emergency Readiness Team
UTC Universal Time Coordinated
UUCP Unix-to-Unix Copy Protocol
VD Vendor Dependency
VHF Very High Frequency
VLAN Virtual Local Area Network
VM Virtual Machine
VPN Virtual Private Network
VoIP Voice over Internet Protocol
WAN Wide Area Network
XML Extensible Markup Language