Home Resources Acronyms
quotes

People in the security space love acronyms! Just saying some of these out loud makes your infrastructure more secure.

Acronyms

AI

Asset Identification, part of the SCAP standard, is a language that provides a data model for identifying assets, methods for identifying assets, and guidance on how to use asset identification.

ARF

The Asset Reporting Format, part of the SCAP standard, is a language that expresses the transport format of information about assets, and the relationships between assets and reports. It is also often called Result DataStream because it is complementary to Source DataStream.

CCE

Common Configuration Enumeration, part of the SCAP standard, is an enumeration of security relevant configuration elements for applications and operation systems.

CCSS

The Common Configuration Scoring System, part of the SCAP standard, is a specification for measuring the relative severity of system security configuration issues.

CIS

The Center for Internet Security, Inc. (CIS) is a 501c3 nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities.

CPE

Common Platform Enumeration, part of the SCAP standard, is a structured naming scheme used to identify information technology systems, platforms, and packages.

CVE

Common Vulnerabilities and Exposures, part of the SCAP standard, is an enumeration for publicly known information security vulnerabilities.

CVSS

The Common Vulnerability Scoring System, part of the SCAP standard, is a language for representing system configuration information, assessing machine state, and reporting assessment results.

CWE

Common Weakness Enumeration is a community project whose main task is to collect a catalog of software weaknesses and vulnerabilities and deal with them.

FIPS

The Federal Information Processing Standards are an official set of standards developed by the United States federal government. These standards describe document processing, encryption algorithms and more. They apply to the use of computer systems by non-military government agencies, government contractors and vendors who work with the agencies.

MITRE

MITRE is an American nonprofit Corporation which performs research & analysis, development, engineering and integration. They are sponsored by the federal government and have various research programs.

NIST

The National Institute of Standards and Technology is a federal technology agency. They advance official technology, measurement science and standards.

NVD

The National Vulnerability Database is the U.S. government repository of vulnerability management data, which enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

OCIL

The Open Checklist Interactive Language, part of the SCAP standard, is a language for representing checks that collect information from people or from existing data stores made by other data collection efforts.

OVAL

The Open Vulnerability and Assessment Language, part of the SCAP standard, is declarative language for making logical assertions about the state of endpoint system.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing on one hand, and simultaneously to all subjects processing, transmitting, or storing cardholder data or sensitive user authentication information on the other.

SCE

The Script Check Engine is a SCAP extension to allow script execution from SCAP policy. That might be useful during rapid policy development as scripts are easier to write than OVAL.

SDS

SCAP source data stream that is a standalone XML file containing XCCDF, OVAL, CPE and possibly other files required for evaluation.

SACM

Security Automation and Continuous Monitoring is a life-cycle process which provides effective asset control and efficient delivery of information. The process includes managing resources (infrastructure, data), capabilities (people) and artifacts (HWs, SWs, Documentation).

SCAP

Security Content Automation Protocol is a specification for expressing and manipulating security data in standardized ways. SCAP uses several individual specifications in concert to automate continuous monitoring, vulnerability management, and security policy compliance evaluation reporting.

SWID

Software identification tags (SWID tags) record unique information about an installed software application, including its name, edition, version, whether it’s part of a bundle and more.

USGCB

The purpose of the United States Government Configuration Baseline is to create security configuration baselines for Information Technology products widely deployed across the federal agencies.

XCCDF

The eXtensible Configuration Checklist Description Format, part of the SCAP standard, is a language to express, organize, and manage security policies. It is a basic building block of security policy.

sitemap