System And Network Security Acronyms And Abbreviations

Transcription

NIST Interagency Report 7581September 2009System and Network SecurityAcronyms and AbbreviationsKaren ScarfoneVictoria Thompson

NIST Interagency Report 7581September 2009System and Network Security Acronymsand AbbreviationsKaren ScarfoneVictoria ThompsonC O M P U T E RS E C U R I T YComputer Security DivisionInformation Technology LaboratoryNational Institute of Standards and TechnologyGaithersburg, MD 20899-8930September 2009U.S. Department of CommerceGary Locke, SecretaryNational Institute of Standards and TechnologyPatrick D. Gallagher, Deputy Director

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONSReports on Computer Systems TechnologyThe Information Technology Laboratory (ITL) at the National Institute of Standards and Technology(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’smeasurement and standards infrastructure. ITL develops tests, test methods, reference data, proof ofconcept implementations, and technical analysis to advance the development and productive use ofinformation technology. ITL’s responsibilities include the development of technical, physical,administrative, and management standards and guidelines for the cost-effective security and privacy ofsensitive unclassified information in Federal computer systems. This Interagency Report discusses ITL’sresearch, guidance, and outreach efforts in computer security and its collaborative activities with industry,government, and academic organizations.National Institute of Standards and Technology Interagency Report 758132 pages (Sep. 2009)Certain commercial entities, equipment, or materials may be identified in thisdocument in order to describe an experimental procedure or concept adequately.Such identification is not intended to imply recommendation or endorsement by theNational Institute of Standards and Technology, nor is it intended to imply that theentities, materials, or equipment are necessarily the best available for the purpose.ii

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONSAcknowledgmentsThe authors, Karen Scarfone of the National Institute of Standards and Technology (NIST) and VictoriaThompson of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this report,particularly Liz Lennon and Tim Grance of NIST. Thanks also go to individuals and organizations thatsubmitted suggestions, particularly Tim Kramer, Mark Seecof, the U.S. Department of Energy, and theU.S. Department of State. The authors also thank their colleagues who created acronym and abbreviationlists for their publications that were subsequently used as sources of information for this report.Trademark InformationAll names are registered trademarks or trademarks of their respective companies.Note to ReviewersReviewers are encouraged to submit additional acronyms and abbreviations related to system and networksecurity, particularly for emerging technologies, for consideration as additions to this report. Allsuggestions and corrections should be sent to securityacronyms@nist.gov.iii

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONSTable of Contents1.Introduction .12.Acronym and Abbreviation List.2Numeric. 2A. 2B. 3C . 4D . 6E. 7F. 8G . 9H . 10I . 11J . 13K. 13L . 13M . 14N . 15O . 17P. 17Q . 19R . 19S. 20T. 22U . 23V. 24W. 24XYZ . 25UAppendix A— References .26Appendix B— Former Acronyms .27iv

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONS1.IntroductionThis report contains a list of selected acronyms and abbreviations for system and network security termswith their generally accepted or preferred definitions. It is intended as a resource for federal agencies andother users of system and network security publications.The capitalization, spelling, and definitions of acronyms and abbreviations frequently vary amongpublications. It is easy to understand why this happens. While some acronyms and abbreviations (e.g.,WWW) have one universally recognized and understood definition within the domain of system andnetwork security, others (e.g., IA, MAC) have multiple valid definitions depending upon the context inwhich they are used. Some acronyms bear little resemblance to their definitions, such as Modes ofOperation Validation System for the Triple DES Algorithm (TMOVS). Others use unexpectedcapitalization or spelling (e.g., Electronic Business using eXtensible Markup Language [ebXML] andOrganisation for Economic Co-operation and Development [OECD]). As a result, acronyms,abbreviations, and their definitions may be inaccurately or inconsistently defined by authors, perpetuatingerrors and confusing or misleading readers.This report is meant to help reduce these errors and confusion by providing the generally accepted orpreferred definitions of a list of frequently used acronyms and abbreviations. The list does not include allsystem and network security terms, nor is it a compendium of every acronym and abbreviation found insystem and network security documents published by NIST. Readers should refer to each document’s listof acronyms and abbreviations (typically found in an appendix) for definitions applicable to thatparticular document.The following conventions have been used in the preparation of the list of acronyms and abbreviations inthis report.Abbreviations and acronyms generally appear in all capital letters, although there are occasionalexceptions—for example, meter (m) and decibels referenced to one milliwatt (dBm).Technical terms are not capitalized unless they are proper nouns. Names of people, places, andgroups, and the titles of protocols, standards, and algorithms are considered proper nouns. Forexample, certification and accreditation (C&A) is not capitalized, but Advanced Encryption Standard(AES) is capitalized.Collective nouns are not capitalized (e.g., wide area network [WAN]).When two or more definitions of the same acronym or abbreviation are given, the acronym orabbreviation is italicized and repeated for each definition. Definitions are listed alphabetically.1

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONS2.Acronym and Abbreviation ListThis section consists of a list of selected system and network security acronyms and abbreviations, alongwith their generally accepted definitions. When there are multiple definitions for a single term, theacronym or abbreviation is italicized and each definition is listed separately.Numeric1xRTT3DES3G3GPP3GPP2one times radio transmission technologyTriple Data Encryption Standard3rd Generation3rd Generation Partnership Project3rd Generation Partnership Project IAPAPIaddress resource record typeABAC attribute authorityauthentication, authorization, and accountingauthentication, authorization, and accounting keyadditional authenticated dataafter action reportadaptive antenna systemattribute-based access controlaccess control entryaccess control listAssociation for Computing Machineryauthenticated cipher offsetActive Directoryauthenticated dataalternate data streamAdvanced Encryption StandardAdvanced Encryption Standard-Cipher Block ChainingAdvanced Encryption Standard-Counter Modeadaptive frequency hoppingassisted global positioning systemAuthentication Headerautomatic identification and data captureAssociation for Automatic Identification and Mobilityautomatic identification technologyAsynchronous JavaScript and XMLauthorization keyauthorization key identifierauthentication and key managementapplication layer gatewayAmerican National Standards Instituteaccess pointapplication programming interface2

SYSTEM AND NETWORK SECURITY ACRONYMS AND ABBREVIATIONSAPWGARINARPARPAASASASASCASC Phishing Working GroupAmerican Registry for Internet NumbersAddress Resolution ProtocolAdvanced Research Projects Agencyauthentication serverauthentication serviceautonomous systemAnti-Spyware CoalitionAccredited Standards Committee X9American Standard Code for Information Interchangeaddress space layout randomizationautonomous system numberAbstract Syntax Notation 1active server pagesAdvanced Technology AttachmentAnnouncement Traffic Indication Messageasynchronous transfer modeautomated teller machineantivirusAnti-Virus Information Exchange Networkattribute-value businessbest current practicebusiness continuity planBorder Gateway ProtocolBorder Gateway Protocol 4Bump-in-the-APIbusiness impact analysisBiometric Application Programming Interfacebasic input/output systemBump-in-the-StackBusiness Process Modeling LanguageBusiness Process Specification Schemabusiness recovery (resumption) planbase stationbase station controllerBritish Standards InstitutionBritish Security Industry Associationbest security practicebasic service setbasic service set identifierbetter-than-nothing-securitybase transceiver stationbinding updatebinding update acknowledgement3

SYSTEM AND NETWORK SECURITY ACRONYMS AND BC-MACCBEFFCCCCE D-ROMCD-RWCEOCERIASCERTCERT PCIPCcertification and accreditationcertificate authoritycertification agentcertification authoritycommon access cardCooperative Association for Internet Data AnalysisCompletely Automated Public Turing Test to Tell Computers and Humans ApartComputer Antivirus Research OrganizationCryptographic Algorithm Validation ProgramCipher Block ChainingCipher Block Chaining Message Authentication CodeCommon Biometric Exchange File FormatCommon CriteriaCommon Configuration EnumerationCommon Criteria Evaluation and Validation SchemeComputer Crime and Intellectual Property Sectioncomplementary code keyingCounter Mode with CBC-MACCounter Mode with CBC-MAC ProtocolCommon Criteria Recognition ArrangementCommon Configuration Scoring Systemcountry code top-level domainchecking disabledcompact disccompact disc file systemcode division multiple accesscompact disc-recordablecompact disc-read only memorycompact disc-

system and network security terms, nor is it a compendium of every acronym and abbreviation found in system and network security documents published by NIST. Readers should refer to each document’s list of acronyms and abbreviations (typically found in an appendix) for definitions applicable to that particular document. The following conventions have been used in the preparation of the list .