“Guide to Secure Web Services (NIST SP 800-95),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.
“Guide to SSL VPNs (NIST SP 800-113 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.
“Guide to Storage Encryption Technologies for End User Devices (NIST SP 800-111 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.
“Guidelines on Cell Phone Forensics (NIST SP 800-101),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, May 2007.
“Guidelines on Cell Phone and PDA Security (NIST SP 800-124),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, October 2008.
“Guidelines on Electronic Mail Security (NIST SP 800-45, Version 2),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, February 2007.
“Guidelines on Firewalls and Firewall Policy (NIST SP 800-41 Revision 1),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, September 2009.
“Guidelines on Security and Privacy in Public Cloud Computing (NIST SP 800-144 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, January 2011.
“Information Assurance Technical Framework (IATF),” National Security Agency (NSA), Release 3.1, Fort Meade, Maryland, September 2002.
“Information Security Continuous Monitoring for Federal Information Systems and Organizations (NIST SP 800-137 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, December 2010.
“The Institute of Electrical and Electronics Engineers, Inc.,” IEEE Standard 802-2001, New York, New York, Copyright 2002.
“Institute of Standards and Technology (NIST),” U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.
“Managing Information Security Risk (NIST SP 800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, March 2011.
“Managing Risk from Information Systems: An Organizational Perspective (NIST SP 800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, April 2008.
“Piloting Supply Chain Risk Management Practices for Federal Information Systems (NISTIR 7622 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.
“Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53 R3),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2009.
“Service Component-Based Architectures, Version 2.0,” CIO Council, June 2004 (www.cio.gov).
Tanenbaum, Andrew S.
“Technical Guide to Information Security Testing (NIST SP 800-115 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.
“Telecommunications: Glossary of Telecommunication Terms, Federal Standard 1037C,” U.S. General Services Administration (GSA), Washington, DC, August 1996.
“User’s Guide to Securing External Devices for Telework and Remote Access (NIST SP 800-114),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.
“Wikipedia Encyclopedia,” Definitions for certain terms were adapted from Wikipedia (www.wikipedia.org).
This appendix lists selected information system and network security acronyms and abbreviations, along with their generally accepted definitions. When a single acronym or abbreviation has multiple definitions, its entries are stacked next to each other.
Numeric
Two key triple DEA
Three key triple DEA
Three key triple data encryption standard
First generation of analog wireless technology
Second generation of digital wireless technology
Third generation of digital wireless technology
Fourth generation of digital wireless technology
A
Authentication, authorization, accounting
Attribute-based access control
Access control entry
Acknowledgment
Access control list
Advanced data communication control procedure
Asymmetric digital subscriber line
Advanced encryption standard
Advanced encryption standard – Cipher block chaining
Advanced encryption standard – Counter mode
Authentication header