FedRAMP Master Acronym List Version 1.0 September 10, 2015
Revision History Date Version Page(s) Description Author Sept. 10, 2014 1.0 All Initial issue. FedRAMP PMO How to Contact Us For questions about FedRAMP or this document, email to info@fedramp.gov. For more information about FedRAMP, visit the website at http://www.fedramp.gov. Page ii
Table of Contents 1. List of Acronyms... 1 List of Tables Table 1. FedRAMP Acronyms... 1 Page iii
1. LIST OF ACRONYMS Table 1 below is the master list of FedRAMP acronyms. Please send suggestions about corrections, additions, or deletions to info@fedramp.gov. Table 1. FedRAMP Acronyms Acronym 3PAO A2LA AC ACL AO APL AT ATO AU BIA CA CapEx CCB CDM CI CIOC CIS CISO CLI CM CMP CMVP ConMon COOP CO COR COTS CP CR CRM CSIRC OCSIT CSP CTW DAS DHS Meaning Third Party Assessment Organization American Association of Laboratory Accreditation Access Control Access Control List Authorizing Official Approved Products List (DOD list) Awareness and Training Authorization To Operate Audit and Accountability Business Impact Analysis / Business Impact Assessment Security Assessment and Authorization Capital Expense Change Control Board Continuous Diagnostics and Mitigation Configuration Item Chief Information Officer Council Control Implementation Summary / Control Information Summary Chief Information Security Officer Command Line Interface Configuration Management / Change Management Configuration Management Plan Cryptographic Module Validation Program Continuous Monitoring Continuity of Operations Contracting Officer Contracting Officer s Representative Commercial Off-The-Shelf Contingency Planning / Contingency Plan Change Request Customer Relationship Management Computer Security Incident Response Center Office of Citizen Services and Innovative Technologies (of GSA) Cloud Service Provider Control Tailoring Workbook Direct Attached Storage Department of Homeland Security Page 1
DNS Domain Name System ECSB Enterprise Cloud Service Broker FDCCI Federal Data Center Consolidation Initiative FedRAMP Federal Risk and Authorization Management Program FIPS Federal Information Processing Standard FISMA Federal Information Security Management Act (of 2002) FOC Final Operating Capability FTP File Transfer Protocol GSA General Services Administration GSS General Support System GUI Graphical User Interface HIPAA Health Insurance Portability and Accountability Act (of 1996) HSM Hardware Security Module HSPD 12 Homeland Security Presidential Directive 12 IA Identification and Authentication IaaS Infrastructure as a Service IEC International Electrotechnical Commission IG Inspector General / Implementation Guidance IOC Initial Operating Capability IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 IR Incident Response iscsi Internet Small Computer System Interface ISIMC Information Security and Identity Management Committee ISO International Organization for Standardization International Organization for Standardization / International Electrotechical ISO/IEC Commission ISSO Information System Security Officer IT Information Technology ITCP IT Contingency Plan JAB (FedRAMP) Joint Authorization Board LMS Learning Management System MA Maintenance MAS Multiple Award Schedule Max Max.gov (file repository website) MP Media Protection MTIPS Managed Trusted IP Service N/A Not Applicable NARA National Archives and Records Administration NAS Network Attached Storage NAT Network Address Translation NFPA National Fire Protection Association NGO Non-Governmental Organization NISP National Industrial Security Program NIST National Institute of Standards and Technology Page 2
NNTP NPPD NTP NVI OCSIT OIG OMB OpEx OR OWASP PA PaaS P-ATO PDF PE PIA PII PIV PL PMO POA&M POC PS QA QC QM PTA RA RBAC RFC RFI RFP RIP ROB RoE SA SaaS SAF SAML SAN SAP SAR SAS SC SCSI Network News Transfer Protocol National Protection and Programs Directorate (of DHS) Network Time Protocol NAT Virtual Interface Office of Citizen Services and Innovative Technologies (us) Office of the Inspector General Office of Management and Budget Operating Expense Operational Requirement Open Web Application Security Project Provisional Authorization Platform as a Service Provisional Authorization to Operate Portable Document Format Physical and Environmental Protection Privacy Impact Assessment Personally Identifiable Information Personal Identity Verification Planning Program Management Office Plan of Action and Milestones Point of Contact Personnel Security Quality Assurance Quality Control Quality Management Privacy Threshold Analysis Risk Assessment Role-Based Access Control Request For Change Request for Information Request for Proposal Routing Information Protocol Rules of Behavior Rules of Engagement System and Services Acquisition Software as a Service Security Assessment Framework Security Assertion Markup Language Storage Area Networks Security Assessment Plan Security Assessment Report Security Assessment Support System and Communications Protection Small Computer System Interface Page 3
SI SLA SME SMS SMTP SOP SSO SSP TFTP TIC TICAP TR TR-R UPS US-CERT UUCP VLAN VPN System and Information Integrity Service Level Agreement Subject Matter Expert Short Message Service Simple Mail Transfer Protocol Standard Operating Procedure Single Sign-On System Security Plan Trivial FTP Trusted Internet Connection Trusted Internet Connection Access Providers Technical Representative Technical Representative s Representative Uninterruptible Power Source United States Computer Emergency Readiness Team Unix-to-Unix Copy Protocol Virtual Local Area Network Virtual Private Network Page 4