| 3DES | Triple Data Encryption Standard |
| AAA | Authentication, Authorization, and Accounting |
| ABAC | Attribute-based Access Control |
| ACL | Access Control List |
| AD | Active Directory |
| AES | Advanced Encryption Standard |
| AES256 | Advanced Encryption Standard 256bit |
| AH | Authentication Header |
| AI | Artificial Intelligence |
| AIS | Automated Indicator Sharing |
| ALE | Annualized Loss Expectancy |
| AP | Access Point |
| API | Application Programming Interface |
| APT | Advanced Persistent Threat |
| ARO | Annualized Rate of Occurrence |
| ARP | Address Resolution Protocol |
| ASLR | Address Space Layout Randomization |
| ASP | Active Server Pages |
| ATT&C | Adversarial Tactics, Techniques, and Common Knowledge |
| AUP | Acceptable Use Policy |
| AV | Antivirus |
| AV | Asset Value |
| BASH | Bourne Again Shell |
| BAC | Business Availability Center |
| BCP | Business Continuity Planning |
| BIA | Business Impact Analysis |
| BIOS | Basic Input/Output System |
| BPA | Business Partners Agreement |
| BPDU | Bridge Protocol Data Unit |
| BSSID | Basic Service Set Identifier |
| BYOD | Bring Your Own Device |
| CA | Certificate Authority |
| CAC | Common Access Card |
| CAN | Controller Area Network |
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Human Apart |
| CAR | Corrective Action Report |
| CASB | Cloud Access Security Broker |
| CBC | Cipher Block Chaining |
| CBT | Computer-Based Training |
| CCMP | Counter-Mode/CBC-Mac Protocol |
| CCTV | Closed-Circuit Television |
| CER | Certificate |
| CER | Cross-Over Error Rate |
| CERT | Computer Emergency Response Team |
| CFB | Cipher Feedback |
| CHAP | Challenge Handshake Authentication Protocol |
| CIO | Chief Information Officer |
| CIRT | Computer Incident Response Team |
| CIS | Center for Internet Security |
| CMS | Content Management System |
| CN | Common Name |
| COOP | Continuity of Operations Plan |
| COPE | Corporate Owned, Personally Enabled |
| CP | Contingency Planning |
| CRC | Cyclic Redundancy Check |
| CRL | Certificate Revocation List |
| CSA | Cloud Security Alliance |
| CSIRT | Computer Security Incident Response Team |
| CSO | Chief Security Officer |
| CSP | Cloud Service Provider |
| CSR | Certificate Signing Request |
| CSRF | Cross-Site Request Forgery |
| CSU | Channel Service Unit |
| CTM | Counter-Mode |
| CTO | Chief Technology Officer |
| CTR | Counter |
| CVE | Common Vulnerabilities and Exposures |
| CVSS | Common Vulnerability Scoring System |
| CYOD | Choose Your Own Device |
| DAC | Discretionary Access Control |
| DBA | Database Administrator |
| DDoS | Distributed Denial of Service |
| DEP | Data Execution Prevention |
| DER | Distinguished Encoding Rules |
| DES | Data Encryption Standard |
| DFIR | Digital Forensics and Investigation Response |
| DHCP | Dynamic Host Configuration Protocol |
| DHE | Data-Handling Electronics |
| DHE | Diffie-Hellman Ephemeral |
| DKIM | Domain Keys Identified Mail |
| DLL | Dynamic Link Library |
| DLP | Data Loss Prevention |
| DMARC | Domain Message Authentication Reporting and Conformance |
| DMZ | Demilitarized Zone |
| DNAT | Destination Network Address Translation |
| DNS | Domain Name Service (Server) |
| DNSSEC | Domain Name System Security Extensions |
| DoS | Denial of Service |
| DPO | Data Protection Officer |
| DRP | Disaster Recovery Plan |
| DSA | Digital Signature Algorithm |
| DSL | Digital Subscriber Line |
| DSU | Data Service Unit |
| EAP | Extensible Authentication Protocol |
| ECB | Electronic Code Book |
| ECC | Elliptic Curve Cryptography |
| ECDHE | Elliptic Curve Diffie-Hellman Ephemeral |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| EDR | Endpoint Detection and Response |
| EFS | Encrypted File System |
| EIP | Extended Instruction Pointer |
| EMI | Electromagnetic Interference |
| EMP | Electro Magnetic Pulse |
| EOL | End of Life |
| EOS | End of Service |
| ERP | Enterprise Resource Planning |
| ESN | Electronic Serial Number |
| ESP | Encapsulated Security Payload |
| EF | Exposure Factor |
| ESSID | Extended Service Set Identifier |
| FACL | File System Access Control List |
| FAR | False Acceptance Rate |
| FDE | Full Disk Encryption |
| FIM | File Integrity Monitoring |
| FPGA | Field Programmable Gate Array |
| FRR | False Rejection Rate |
| FTP | File Transfer Protocol |
| FTPS | Secured File Transfer Protocol |
| GCM | Galois Counter Mode |
| GDPR | General Data Protection Regulation |
| GPG | GNU Privacy Guard |
| GPO | Group Policy Object |
| GPS | Global Positioning System |
| GPU | Graphic Processing Unit |
| GRE | Generic Routing Encapsulation |
| HA | High Availability |
| HDD | Hard Disk Drive |
| HIDS | Host-Based Intrusion Detection System |
| HIPS | Host-Based Intrusion Prevention System |
| HMAC | Hashed Message Authentication Code |
| HOTP | HMAC-based One-Time Password |
| HSM | Hardware Security Module |
| HSMaaS | Hardware Security Module as a Service |
| HTML | Hypertext Markup Language |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| HVAC | Heating, Ventilation and Air Conditioning |
| IaaS | Infrastructure as a Service |
| ICMP | Internet Control Message Protocol |
| ICS | Industrial Control Systems |
| ID | Identification |
| IDEA | International Data Encryption Algorithm |
| IDF | Intermediate Distribution Frame |
| IdP | Identity Provider |
| IDS | Intrusion Detection System |
| IEEE | Institute of Electrical and Electronic Engineers |
| IIS | Internet Information System |
| IKE | Internet Key Exchange |
| IM | Instant Messaging |
| IMAP4 | Internet Message Access Protocol V4 |
| IoC | Indicators of Compromise |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IPS | Intrusion Prevention System |
| IPSec | Internet Protocol Security |
| IR | Incident Response |
| IR | Infrared |
| IRC | Internet Relay Chat |
| IRP | Incident Response Plan |
| ISA | Interconnection Security Agreement |
| ISFW | Internal Segmentation Firewall |
| ISO | International Organization for Standardization |
| ISP | Internet Service Provider |
| ISSO | Information Systems Security Officer |
| ITCP | IT Contingency Plan |
| IV | Initialization Vector |
| KDC | Key Distribution Center |
| KEK | Key Encryption Key |
| L2TP | Layer 2 Tunneling Protocol |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| LEAP | Lightweight Extensible Authentication Protocol |
| MaaS | Monitoring as a Service |
| MAC | Mandatory Access Control |
| MAC | Media Access Control |
| MAC | Message Authentication Code |
| MAM | Mobile Application Network |
| MAN | Metropolitan Area Network |
| MBR | Master Boot Record |
| MD5 | Message Digest 5 |
| MDF | Main Distribution Frame |
| MDM | Mobile Device Management |
| MFA | Multi-Factor Authentication |
| MFD | Multi-Function Device |
| MFP | Multi-Function Printer |
| MITM | Man-in-the-Middle |
| ML | Machine Learning |
| MMS | Multimedia Message Service |
| MOA | Memorandum of Agreement |
| MOU | Memorandum of Understanding |
| MPLS | Multi-Protocol Label Switching |
| MSA | Measurement Systems Analysis |
| MSCHAP | Microsoft Challenge Handshake Authentication Protocol |
| MSP | Managed Service Provider |
| MSSP | Managed Security Service Provider |
| MTBF | Mean Time Between Failures |
| MTTF | Mean Time to Failure |
| MTTR | Mean Time to Recover or Mean Time to Repair |
| MTU | Maximum Transmission Unit |
| NAC | Network Access Control |
| NAS | Network Attached Storage |
| NAT | Network Address Translation |
| NDA | Non-Disclosure Agreement |
| NFC | Near Field Communication |
| NFV | Network Function Virtualization |
| NGAC | Next Generation Access Control |
| NGFW | Next Generation Firewall |
| NG-SWG | Next Generation Secure Web Gateway |
| NIC | Network Interface Card |
| NIDS | Network-Based Intrusion Detection System |
| NIPS | Network-Based Intrusion Prevention System |
| NIST | National Institute of Standards & Technology |
| NOC | Network Operations Center |
| NTFS | New Technology File System |
| NTLM | New Technology LAN Manager |
| NTP | Network Time Protocol |
| OAUTH | Open Authorization |
| OCSP | Online Certificate Status Protocol |
| OID | Object Identifier |
| OS | Operating System |
| OSI | Open Systems Interconnection |
| OSINT | Open Source Intelligence |
| OSPF | Open Shortest Path First |
| OT | Operational Technology |
| OTA | Over The Air |
| OTG | On The Go |
| OVAL | Open Vulnerability Assessment Language |
| OWASP | Open Web Application Security Project |
| P12 | PKCS #12 |
| P2P | Peer to Peer |
| PaaS | Platform as a Service |
| PAC | Proxy Auto Configuration |
| PAM | Privileged Access Management |
| PAM | Pluggable Authentication Modules |
| PAP | Password Authentication Protocol |
| PAT | Port Address Translation |
| PBKDF | Password-Based Key Derivation Function 2 |
| PBX | Private Branch Exchange |
| PCAP | Packet Capture |
| PCI DSS | Payment Card Industry Data Security Standard |
| PDU | Power Distribution Unit |
| PE | Portable Executable |
| PEAP | Protected Extensible Authentication Protocol |
| PED | Personal Electronic Device |
| PEM | Privacy-Enhanced Electronic Mail |
| PFS | Perfect Forward Secrecy |
| PFX | Personal Exchange Format |
| PGP | Pretty Good Privacy |
| PHI | Personal Health Information |
| PII | Personally Identifiable Information |
| PIN | Personal Identification Number |
| PIV | Personal Identity Verification |
| PKCS | Public Key Cryptography Standards |
| PKI | Public Key Infrastructure |
| PoC | Proof of Concept |
| POODLE | Padding Oracle on Downgrade Legacy Encryption |
| POP | Post Office Protocol |
| POTS | Plain Old Telephone System |
| PPP | Point-to-Point Protocol |
| PPTP | Point-to-Point Tunneling Protocol |
| PSK | Pre-Shared Key |
| PTZ | Pan-Tilt-Zoom |
| PUP | Potentially Unwanted Program |
| QA | Quality Assurance |
| QoS | Quality of Service |
| RA | Recovery Agent |
| RA | Registration Authority |
| RAD | Rapid Application Development |
| RADIUS | Remote Authentication Dial-In User Server |
| RAID | Redundant Array of Inexpensive Disks |
| RAM | Random Access Memory |
| RAS | Remote Access Server |
| RAT | Remote Access Trojan |
| RBAC | Role-Based Access Control |
| RBAC | Rule-Based Access Control |
| RC4 | Rivest Cipher Version 4 |
| RCS | Rich Communication Services |
| RDP | Remote Desktop Protocol |
| RFC | Request for Comments |
| RFID | Radio Frequency Identifier |
| RIPEMD | RACE Integrity Primitives Evaluation Message Digest |
| ROI | Return on Investment |
| RMF | Risk Management Framework |
| RPO | Recovery Point Objective |
| RSA | Rivest, Shamir, & Adleman |
| RTHB | Remotely Triggered Black Hole |
| RTO | Recovery Time Objective |
| RTOS | Real-Time Operating System |
| RTP | Real-Time Transport Protocol |
| S/MIME | Secure/Multipurpose Internet Mail Extensions |
| SaaS | Software as a Service |
| SAML | Security Assertion Markup Language |
| SAN | Storage Area Network |
| SAN | Subject Alternative Name |
| SCADA | System Control and Data Acquisition |
| SCAP | Security Content Automation Protocol |
| SCEP | Simple Certificate Enrollment Protocol |
| SCP | Secure Copy |
| SCSI | Small Computer System Interface |
| SDK | Software Development Kit |
| SDLC | Software Development Life Cycle |
| SDLM | Software Development Life Cycle Methodology |
| SDN | Software Defined Network |
| SDP | Service Delivery Platform |
| SDV | Software Defined Visibility |
| SED | Self-Encrypting Drive |
| SHE | Structured Exception Handler |
| SFTP | Secured File Transfer Protocol |
| SHA | Secure Hashing Algorithm |
| SHTTP | Secure Hypertext Transfer Protocol |
| SIEM | Security Information and Event Management |
| SIM | Subscriber Identity Module |
| SIP | Session Initiation Protocol |
| SLA | Service Level Agreement |
| SLE | Single Loss Expectancy |
| S/MIME | Secure/Multipurpose Internet Mail Extensions |
| SMB | Server Message Block |
| SMS | Short Message Service |
| SMTP | Simple Mail Transfer Protocol |
| SMTPS | Simple Mail Transfer Protocol Secure |
| SNMP | Simple Network Management Protocol |
| SOAP | Simple Object Access Protocol |
| SOAR | Security Orchestration, Automation, Response |
| SoC | System on a Chip |
| SPF | Sender Policy Framework |
| SPIM | SPAM over Internet Messaging |
| SPoE | Single Point of Failure |
| SQL | Structured Query Language |
| SQLi | SQL Injection |
| SRTP | Secure Real-Time Protocol |
| SSD | Solid State Drive |
| SSH | Secure Shell |
| SSID | Service Set Identifier |
| SSL | Secure Sockets Layer |
| SSO | Single Sign-On |
| STIX | Structured Threat Information eXpression |
| STP | Shielded Twisted Pair |
| TACAS+ | Terminal Access Controller Access Control System Plus |
| TAXII | Trusted Automated eXchange of Intelligence Information |
| TCP/IP | Transmission Control Protocol/Internet Protocol |
| TGT | Ticket Granting Ticket |
| TKIP | Temporal Key Integrity Protocol |
| TLS | Transport Layer Security |
| TOTP | Time-Based One-Time Password |
| TPM | Trusted Platform Module |
| TSIG | Transaction Signature |
| TTP | Tactics, Techniques, and Procedures |
| UAT | User Acceptance Testing |
| UAV | Unmanned Aerial Vehicle |
| UDP | User Datagram Protocol |
| UEBA | User and Entity Behavior Analytics |
| UEFI | Unified Extensible Framework Interface |
| UEM | Unified Endpoint Management |
| UPS | Unterruptable Power Supply |
| URI | Uniform Resource Identifier |
| URL | Universal Resource Locator |
| USB | Universal Serial Bus |
| USB OTG | USB On The Go |
| UTM | Unified Threat Management |
| UTP | Unshielded Twisted Pair |
| VBA | Visual Basic for Applications |
| VDE | Virtual Desktop Environment |
| VDI | Virtual Desktop Infrastructure |
| VLAN | Virtual Local Area Network |
| VLSM | Variable Length Subnet Masking |
| VM | Virtual Machine |
| VoIP | Voice Over IP |
| VPC | Virtual Private Cloud |
| VPN | Virtual Private Network |
| VTC | Video Teleconferencing |
| WAF | Web Application Firewall |
| WAP | Wireless Access Point |
| WEP | Wired Equivalent Privacy |
| WIDS | Wireless Intrusion Detection System |
| WIPS | Wireless Intrusion Prevention System |
| WORM | Wire Once Read Many |
| WPA | Wi-Fi Protected Access |
| WPA2 | Wi-Fi Protected Access 2 |
| WPS | Wi-Fi Protected Setup |
| WTLS | Wireless TLS |
| XaaS | Anything as a Service |
| XML | Extensible Markup Language |
| XOR | Exclusive Or |
| XSRF | Cross-Site Request Forgery |
| XSS | Cross-Site Scripting |
