IT, Cybersecurity, Compliance, and Government Acronym Lists
The Future of Work is Hybrid
May 30, 1900
Protecting Critical Data from Phishing and Other Insider Threats
January 21, 2021IT, Cybersecurity, Compliance, and Government Acronym Lists
IT acronyms can be daunting. And new ones seem to pop up every week. We can help.
Below are four alphabetical lists of IT-related acronyms including: Managed Security Service Provider (MSSP) Acronyms, Cybersecurity Compliance Acronyms, Government Procurement Acronyms, and Business Management Acronyms.
Updated April 19, 2023
IT Managed Security Service Provider Acronyms
3PP - Third-party Patching
AI - Artificial Intelligence
AISP - All-in Seat Price
API - Application Programming Interface
ASP - Application Service Provider
AUP - Acceptable Use Policy
AV - Antivirus
AWS - Amazon Web Services
BaaS - Backend as a Service
BIA - Broadband Internet Access
BYOD - Bring Your Own Device
CaaS - Collaboration as a Service
CDN - Content Delivery Network
CDP - Continuous Data Protection (backup technology)
CIS - Computer Information Systems
CISA - Certified Information Systems Auditor (ISACA) (see CISA in Govt/VA)
CMS - Cloud Managed Service (IT) (see CMS in Bus/Mgmt & Govt/VA)
CMSA - Cloud Managed Service Agreement
CompTIA - Computing Technology Industry Association
CSP - Cloud Service Providers
DaaS - Desktop as a Service (aka Data as a Service)
DevOps - Software Dev (Dev) & IT Operations (Ops) (also see DevSecOps)
DL - Deep Learning
DR - Data Recovery
DRaaS - Data Recovery as a Service
EA - Enterprise Architecture
EaaS - Everything as a Service (also seen as XaaS)
ECM - Enterprise Content Management
EDI - Electronic Data Interchange
EoL - End of Life
EoS - End of Service (aka End of Support)
ETP - Email Threat Protection
FFF - Full Fixed Fee (see PFF)
FTP - File Transfer Protocol
GCP - Google Cloud Platform
HaaS - Hardware as a Service
HCI - Hyperconverged Infrastructure (Cisco HyperFlex)
HDI - Help Desk Institute
HIMSS - Healthcare Information & Management Systems Society
HTTP - Hypertext Transfer Protocol
IaaS - Infrastructure as a Service
IMM - Infrastructure Monitoring & Management
ICT - Information and Communications Technology
IDF - Intermediate Distribution Frame (see MDF in IT)
IDPS - Intrusion Detection Prevention System (aka IPS)
IIoT - Industrial Internet of Things
IoT - Internet of Things
IP - Internet Protocol
IPAM - IP Address Management
IPS - Intrusion Prevention System (aka IDPS)
ISP - Internet Service Provider (also see ISP in Security / Compliance)
IT - Information Technology (also see OT)
ITIL - Information Technology Infrastructure Library
ITSM - Information Technology Service Management
LAN - Local Area Network (wired)
LDAP - Lightweight Directory Access Protocol - Active Directory Repository
LUN - Logical Unit Number
MDF - Main Distribution Frame (see IDF in IT)
MFA - Multi-factor Authentication
MIB - Management Information Base
ML - Machine Learning
MMS - Multimedia Messaging Service (texting)
MPN - Microsoft Partner Network
MSP - Managed Service Provider
MSSP - Managed Security Service Provider
NaaS - Network as a Service
NAS - Network-attached Storage
NIST - National Institute of Standards & Technology
NOC - Network Operations Center
NRTC - National Rural Telecommunications Council
NSOC - Network Security Operations Center
OPT - Onboarding Process Team
OT - Operational Technology (also see IT)
OTP - One-time Password
QBR - Quarterly Business Review (see TBR or SBR)
PaaS - Platform as a Service
PAM - Privileged Access Management
PFF - Partial Fixed Fee (see FFF)
PMI - Project Management Institute
PMP - Project Management Professional
PoE - Power over Ethernet
PoP - Point of Presence
POTS - Plain Old Telephone Service
PPT - People Process & Technology (framework)
PURL - Personalized URL
RDC - Remote Data Collector
RDP - Remote Desktop Protocol
RHEM - Reactive Hours per Endpoint per Month
RPO - Recovery Point Objective
RTO - Recovery Time Objective
RMM - Remote Monitoring & Management
RMMS - Remote Monitoring, Management & Security
SaaS - Software as a Service
SAFe - Scaled Agile Framework
SAN - Storage Area Network
SAS - Serial Attached SCSI
SBR - Services Business Review (see QBR)
SD-WAN - Software Defined Wide Area Network (WAN)
SDK -Software Development Kit
SDN - Software Defined Networking
SME - Subject Matter Expert (also see SME in Business)
SMS - Short Message Service (texting)
SNI - Server Name Indication
SNMP - Simple Network Management Protocol
SOA - Service-Oriented Architecture
SSID - Service Set Identifier (wireless network)
SSD - Solid State Drive
SSO - Single Sign-on
TAM - Technology Alignment Manager (see CIO)
TBR - Technology Business Review (see QBR)
TCP/IP - Transmission Control Protocol / Internet Protocol
TML - Technology Maturity Level (Hixardt)
TPM - Trusted Platform Module (Microsoft)
UEM - Unified Endpoint Management
URL - Uniform Resource Locator
V-MaaS - Vulnerability Management-as-a-Service
VAN - Value-Added Network
vCIO - Virtual Chief Information Officer
vCSO - Virtual Chief Security Officer
VDI - Virtual Desktop Infrastructure
VLAN - Virtual LAN
VM - Virtual Machine
VMaaS - Vulnerability Management as a Service
VMUG - VMware User Group
VNF - Virtualized Network Function
VOIP - Voice Over Internet Protocol (IP)
VPN - Virtual Private Network
WAF - Web Application Firewall
WAN - Wide Area Network
WAP - Wireless Access Points
XaaS - Everything as a Service (also seen as EaaS)
Security and Compliance Acronyms
508 (compliance) - Fed Rehabilitation accessibility standards (see Section 508)
(ISC)2 - International Information Systems Security Certification Consortium
0-Day - Zero Day Vulnerability / Attack
2FA - Two-factor Authentication
ABDS - Advanced Breach Detection System
APT - Advanced Persistent Threat
APWG - Anti-Phishing Working Group
ATO - Account Takeover (exploit)
ATP - Advanced Threat Protection
ATPS - Advanced Threat Protection System
AVIEN - Anti-Virus Information Exchange Network
BCDR - Business Continuity and Disaster Recovery
BEC - Business Email Compromise
C2 (aka C&C) - Command and Control (server)
C3PAO - Certified Third-Party Assessor Organization (for CMMC)
CASB - Cloud Access Security Broker
CBPR - Cross Border Privacy Rules (Asia-Pacific)
CCPA - California Consumer Privacy Act
CDR - Content Disarm and Reconstruction (threat extraction)
CID - Client Identifying Data (see Govt/VA/Procurement)
CIR - Managed Cyber Incident Response
CIRP - Cyber Incident Response Planning
CIRT - Cyber Incident Response Team
CIS - Center for Internet Security
CISA (Agency) - Cybersecurity and Infrastructure Security Agency
CISA (Act)- Cybersecurity Information Sharing Act (of 2015)
CISO - Chief Information Security Officer
CISSP - Certified Information Systems Security Professional
CMMC - Cybersecurity Maturity Model Certification
CNAPP - Cloud Native Application Protection Platform
CND - Computer Network Defense
COBIT - Control Objectives for Information & Related Technologies
COI - Community of Interest
CSC - Critical Security Controls
CERT - Computer Emergency Response Team
CSIRT - Computer Security Incident Response Team
CSF - Cybersecurity Framework
CSO - Chief Security Officer
CSPM - Cloud Security Posture Management
CUI - Controlled Unclassified Information
CVE - Common Vulnerabilities & Exposures (report)
CWPP - Cloud Workload Protection Platform
DDoS - Distributed Denial of Service
DevSecOps - Development, Security, Operations (also see DevOps)
DIVD - Dutch Institute for Vulnerability Disclosure
DLP - Data Loss Prevention
DoH - DNS over HTTPS
DoS - Denial of Service
DRaaS - Disaster Recovery as a Service
EDR - Endpoint Detection & Response (see ETDR)
EPP - Endpoint Protection Platform
ESG - Environmental, Social and Governance
ETDR - Endpoint Threat Detection & Response (see EDR)
EW - Electronic Warfare
FERPA - Family Educational Rights and Privacy Act (Education)
FISMA - Federal Information Security Management Act (2002)
FISMA - Federal Information Security Modernization Act (2014)
GDPR - General Data Protection Regulation (EU)
HIE - Health Information Exchange
HIPAA - Health Insurance Portability And Accountability Act
HTTPS - Hypertext Transfer Protocol Secure
IA - Information Assurance
IAM - Identity & Access Management (aka IdM)
IBE - Identity-Based Encryption
IdM - Identity Management (aka IAM)
IDS/IDP - Intrusion Detection / Intrusion Detection and Prevention
IIHI - Individually Identifiable Health Information
InfoSec - Information Security
IoTSSA - Internet of Things Security Services Association
IPS - Intrusion Prevention System
IR - Incident Response (Plan) (see CIR and CIRP)
ISMS - Information Security Management System
ISO - International Organization for Standardization
ISP - Information Security Policy (also see ISP in IT / MSP)
ISSA - Information Security Self-Assessment
ISSO - Information Systems Security Officer
ISSPM - Information Systems Security Program Manager
ITAR - International Traffic in Arms Regulations
ITIL - Information Technology Infrastructure Library
IV&V - Independent Verification & Validation
KAV - Kaspersky Antivirus
KRI - Key Risk Indicator
MAD - Maximum Allowable Downtime
MDM - Mobile Data Management (see UEM)
MDR - Managed Detection & Response (see XDR)
MPR - Managed Prevention and Response (see XPR)
MPLS - Multiprotocol Label Switching
NAC - Network Access Control
NGFW - Next Generation Firewall
NIST 800-171 - Cybersecurity compliance framework that governs CUI
NIST CSF - NIST Cybersecurity Framework
NSE - Network Security Expert (Fortinet certification)
OPSEC - Operational Security
PCI - Payment Card Industry
PCI-DSS - Payment Card Industry Data Security Standard
PenTest - Penetration Test (authorized cyberattack, as a test)
PHI - Protected/Personal Health Information (relates to HIPAA)
PII - Personally Identifiable Information
PIPEDA - Personal Info Protection & Electronic Documents Act (Canada)
POAM - Plan of Action and Milestones (aka POA&M)
RMF - Risk Management Framework
RPO - Recovery Point Objective
RTO - Recovery Time Objective
SAML - Security Assertion Markup Language
SANS - System Administration, Networking, & Security Institute
SASE - Secure Access Service Edge (pronounced Sassy)
SCAP - Security Content Automation Protocol
SCUD - Secure Cloud Unified Defense
SIEM - Security Information & Event Management
SOC - Security Operation Center
SOC 1 - System & Organization Controls (see ICFR)
SOC 2 - Service Organization Control 2
SOX - Sarbanes-Oxley Act
SSL - Secure Socket Layer
SSP - System Security Plan
TaaS - Tape as a Service
TLS - Transport Layer Security
TNO - Trust No One
TOTP - Time-based One-Time Passwords
UEM - Unified Endpoint Management (see MDM)
VSA - Vendor Security Assessment
WAAP - Web Application & API Protection (see API)
XDR - Extended Detection & Response (see MDR, EDR)
XPR - Extended Protection & Response (see XDR)
ZTA - Zero Trust Architecture
ZTNA - Zero Trust Network Access
Business and Management Acronyms
8(a) - Minority-owned or Disadvantaged Business (Sec. 8A of Small Business Act)
AM - Acquisition Manager
ANSI - American National Standards Institute
ARPA - Advanced Research Projects Agency 1958-72, 1993-96 (now DARPA)
ARPANET - Advanced Research Projects Agency Network 1966-1990 (see ARPA)
ATO - Authority To Operate (see P-ATO)
BIC MAC - Best In Class Multiple Award Contract
BOS - Business Opportunity Sessions
CAC - Common Access Card (US DoD smart card technology)
CAG - Citrix Access Gateway
CAGE - Commercial and Government Entity (code via Defense Logistics Agency)
CESER - Office of Cybersecurity, Energy Security, and Emergency Response (under DOE)
CFR - Code of Federal Regulations
CID - Center for Information Dominance (US Navy) (see Security/Compliance)
CIO-SP4 - Chief Information Officer – Solutions and Partners IV
CISA - Cybersecurity & Infrastructure Security Agency (US DHS) (see CISA in IT/MSP)
CMS - Centers for Medicare & Medicaid Services (Govt) (see CMS in IT/MSP)
CO (or KO) - Contracting Officer
CONUS - Continental United States (see OCONUS)
COR - Contracting Officer's Representative
COTS - Commercial Off-the-Shelf
CPARS - Contractor Performance Assessment Reporting System
CTA - Contractor Teaming Arrangement
DARPA - Defense Advanced Research Projects Agency 1972-93, 1996-now (was ARPA)
DCAA - Defense Contract Audit Agency
DFAR - Defense Federal Acquisition Regulation
DFARS - Defense Federal Acquisition Regulation Supplement (see FAR)
DHA - Defense Health Agency
DHS - Department of Homeland Security
DIB - Defense Industrial Base
DoD - Department of Defense
DOE - Department of Energy
DOI - Department of the Interior
DOJ - Department of Justice
DOT - Department of Transportation
DRFP - Draft Request for Proposal
E&M - Evaluation & Management (for medical coding)
EDWOSB - Economically Disadvantaged Woman-Owned Small Business
EN/FPR - Evaluation Notices (EN) / Final Proposal Revision (FPR)
e-QIP - Electronic Questionnaires for Investigations Processing
E-Rate - Universal Service Program for Schools and Libraries (see USF)
ETS - Emergency Temporary Standard (OSHA, COVID-19)
FAR - Federal Acquisition Regulation (see DFARS)
FAS - Federal Acquisition Service
FCC - Federal Communications Commission
FCEB Agencies - Federal Civilian Executive Branch Agencies
FBO - Federal Business Opportunities (aka FedBizOpps)
FedRAMP - Federal Risk & Authorization Management Program
FIPS - Federal Information Processing Standards
FOIA - Freedom of Information Act
FPR - Federal Procurement Regulation
FRFP - Final Request for Proposal
FSC - Financial Services Center
FSC - Federal Supply Class (codes)
FTC - Federal Trade Commission
FSS - Federal Supply Service (GSA)
GAO - Government Accountability Office
GAO - Government Accountability Office
GovCon - Government Contractor
GPA - Government Procurement Agreement
GSA - General Services Administration
GSAR - General Services Acquisition (GSA) Regulation
GWAC - Governmentwide Acquisition Contract
HHS - Department of Health & Human Services
HIM - Health Information Management
HMS - Health Management System (Florida DoH)
HUBZone - Historically Underutilized Business Zone
HTRO - Highest Technically Rated Offeror
IC - Intelligence Community
IDIQ - Indefinite Delivery / Indefinite Quantity
LPTA - Lowest Price Technically Acceptable
MAS - Multiple-Award Schedule (contract)
MDBE - Minority Disadvantaged Business Enterprise
MFMP - My Florida Market Place (state portal)
NCD - National Cyber Director
NDVSB - National Diversity Veteran Small Business (eMarketplace)
NIST - National Institute of Standards & Technology
NITAAC - Nat. Institutes of Health IT Acquisition and Assessment Center
NVBDC - National Veteran Business Development Council
OCI - Organizational Conflicts of Interest
OCONUS - Outside the Continental United States (see CONUS)
OMB - Office of Management and Budget
OPM - U.S. Office of Personnel Management
OSBDU - Office of Small & Disadvantaged Business Utilization
OSD - Office of Supplier Diversity (certification, Florida)
OSHA - Occupational Safety and Health Administration
P-ATO - Provisional Authority to Operate (see ATO)
PAO - Public Affairs Officer / Public Affairs Office
PCO - Procurement Contracting Officer
PMO - Program Management Officer / Project Management Office
POP - Period of Performance
PSC - Product & Service Code
PSS - Professional Services Schedule
PTAC - Procurement Technical Assistance Center
PWS - Performance Work Statement
RFI - Request for Information
RFP - Request for Proposal
RFQ - Request for Quote
RMUC - Rural/Municipal Utility Cybersecurity (DOE program)
SAM - System for Award Management
SBDC - Small Business Development Center
SBIR - Small Business Innovation Research
SBL - Small Business Liaison
SDB - Small Disadvantaged Business
SDM - Supplier Diversity Manager
SDVOSB - Service-Disabled Veteran-Owned Small Business
SIN - Special Item Number
SLED - State, Local, Education (government)
SOC - Strategic Outreach and Communications (VA office)
SPIN - Superannuation Product Identification Number
SPRS - Supplier Performance Risk System
STTR - Small Business Technology Transfer
T&C (aka Ts&Cs) - Terms & Conditions
TGMS - Trading Grid Messaging System
TLA - Three-Letter Acronym (irony)
TAA - Trade Agreements Act
UCG - Cyber Unified Coordination Group
UEI - Unique Entity Identifier (formally DUNS)
USAC - Universal Service Administrative Company
USF - Universal Service Fund (administered by the USAC)
VA - Department of Veterans Affairs
VAAR - Veterans Administration Acquisition Regulation (see FAR)
VBS - Vendor Bid System (see MFMP)
VIP - Vendor Information Portal (see MFMP)
VistA - Veterans Health Information Systems & Technology Architecture
VOSB - Veteran-Owned Small-Business
WOSB - Woman-Owned Small Business
Wrap Rate - Referred to as the direct labor “multiplier” ≈ 1.50-2.25
ABM - Account-Based Marketing
ACH - Automated Clearing House (network in banking)
ADA - Americans with Disabilities Act
ADKAR - Awareness, Desire, Knowledge, Ability and Reinforcement
AIDA - Attention Interest Desire Action (marketing/advertising writing hierarchy)
AIML - Artificial Intelligence Markup Language
AMP - Accelerated Mobile Pages (website)
AP - Accounts Payable
API - Application Program Interface
AR - Accounts Receivable
ARR - Annual Recurring Revenue (see MRR)
B2B - Business to Business
B2C - Business to Consumer
B2G - Business to Government
BANT - Budget, Authority, Need, Timing (B2B sales qualifier)
BCR - Benefit Cost Ratio
BD - Business Development (also BizDev or Biz Dev)
BHAG - Big Hairy Audacious Goal
BMS - Business Management System
BRM - Business Relationship Management
BVA - Business Value Assessment
CCP - Crisis Communication Protocol
CCPA - California Consumer Privacy Act (online privacy regulation)
CDP - Customer Data Platform
CEO - Chief Executive Officer
CIO - Chief Information Officer
CFO - Chief Financial Officer
CGO - Chief Government Officer
CMO - Chief Marketing Officer
CMS - Content Management System (Web) (see CMS in IT/MSP & Govt/VA)
CO-OP - Marketing Funds (see MDF in Business)
COA - Chart of Accounts
COB - Close of Business
COGS - Cost of Goods Sold
COI - Centers of Influence
COO - Chief Operating Officer
CSO - Chief Security Officer
CTO - Chief Technical Officer
CRM - Customer Relationship Management / Manager
CSAT - Customer Satisfaction (score)
CSM - Customer Service / Success Manager
CX - Customer Experience
CXM - Customer Experience Management (or CEM)
DACI Matrix - Driver, Approver, Contributor, Informed
DRIP - Differentiate, Reinforce, Inform & Persuade (marketing)
DUNS - Data Universal Numbering System (via Dun & Bradstreet)
EBITDA - Earnings Before Interest, Taxes, Depreciation & Amortization
EFT - Electronic Funds Transfer
EOD - End Of Day
EFT - Electronic Funds Transfer
ESM - Enterprise Service Management
ERP - Enterprise Resource Planning
ESM - Enterprise Service Management (see CSM)
EX - Employee Experience (see TX)
FFP - Firm Fixed Price
FRB - Federal Reserve Board
FTA - First-time Appointment (sales)
FTE - Full-time Employee
FUD - Fear, Uncertainty and Doubt
GA4 - Google Analytics 4
GC - General Council
GDPR - General Data Protection Regulation (EU online privacy regulation)
HBCU - Historically Black Colleges & Universities
ICFR - Internal Control over Financial Reporting
ICP - Ideal Customer Profile
ICYMI - In Case You Missed It
IDEA - Inclusion, Diversity, Equity, & Access
IPO - Initial Public Offering
KDM - Key Decision Maker
KPI - Key Performance Indicator
LOA - Letter Of Agency
LOB - Line of Business
LOI - Letter Of Intent
MDF - Market Development Funds (see CO-OP in Business)
MOM - Month Over Month
MQL - Marketing Qualified Lead (see SQL in Business)
MRR - Monthly Recurring Revenue (see ARR)
MSA - Master Service Agreement (Better)
MSA - Managed Service Agreement
MTD - Month to Date
MX - Multiexperience (see UX & CX)
NAICS - North American Industry Classification System (see SIC)
NAV - Net Asset Value
NCND - Non-Circumvent & Non-Disclosure
NDA - Nondisclosure Agreement
NNN - Net, Net, Net (aka Triple Net)
NRR - Non-Recurring Revenue (Services)
NPS - Net Promoter Score
NSFW - Not Safe for Work
OKR - Objectives & Key Results
OOO - Out of Office
ORR - Other Recurring Revenue
P&L - Profit & Loss
P/E - Price-to-Earnings Ratio
PBR - Prospective Business Report (TruMethods)
PM - Project Manager
POC - Point of Contact
PR - Public Relations
PSA - Professional Services Automation
PSR - Partner Sales Representative (Abstrakt)
PTO - Paid Time Off
RACI Matrix - Responsible, Accountable (or Approver), Consulted, Informed
RASCI - Responsible, Accountable, Supports, Consulted, Informed
ROAS - Return On Advertising Spend
ROI - Return On Investment
SAP - Systems Applications & Products (data processing)
SDR - Sales Development Representative
Section 508 - Fed Rehabilitation re. physical & digital accessibility standards
SEO - Search Engine Optimization
SERP - Search Engine Results Page
SIC - Standard Industrial Classification (d/c in 1997, see NAICS)
SKU - Stock Keeping Unit
SLA - Service Level Agreement (see XLA)
SMART (goals) - Specific, Measurable, Achievable, Relevant, & Time-bound
SMB - Small & Medium Business
SME - Small & Medium Enterprise (also see SME in IT)
SOP - Stsandard Operating Procedure
SOW - Scope of Work (Better)
SOW - Statement of Work
SPIF - Sales Promotion Incentive Fund (aka SPIFF)
SQL - Sales Qualified Lead (see MQL, includes Intent)
SRMSDC - Southern Region Minority Supplier Development Council
SWOT - Strengths, Weaknesses, Opportunities & Threats
TCO - Total Cost of Ownership
TOS - Terms of Service
TX - Total Experience (see UX + CX + EX + MX)
UI - User Interface
USP - Unique Selling Proposition
UVP - Unique Value Proposition
UX - User Experience (see EX)
USP - Unique Selling Proposition
VAR - Value-Added Reseller
VOC - Voice of the Customer (marketing)
XLA - Experience Level Agreement (see SLA)
YTD - Year to Date
Keeping up with the ever-expanding world of IT, compliance, and management acronyms can be quite a challenge. That's why we compile and curate these comprehensive acronym lists. The goal is to help provide a quick reference for you (and us) to stay current with these need-to-know IT industry-related phrases. As new acronyms emerge, we'll keep updating our lists to ensure that you have the most accurate and up-to-date IT acronym definitions at your fingertips (refer to the update date at the top of the page).
Please feel free to share any acronym suggestions that are not on this list via email or Twitter. If you'd like to stay ahead of the curve, subscribe to our newsletter for the latest updates and insights in the world of IT managed services and cybersecurity, and join our communities online via LinkedIn and Facebook. Together, we can transform the daunting world of IT acronyms into an accessible and empowering knowledge base.
