Acronyms
Common security and privacy acronyms used at CMS
- #ispg-sec_privacy-policy
For definitions of cybersecurity and privacy terms, we use the online glossary provided by the National Institute of Standards and Technology (NIST), available at https://csrc.nist.gov/glossary.
For CMS security and privacy acronyms, see the list below.
A - C
AC - Access Control
ADO - Application Development Organization
AO - Authorizing Official
ARS - Acceptable Risk Safeguards
ASFR - Assistant Secretary for Financial Resources
ATO - Authority to Operate
AT - Awareness and Training
AU - Audit and Accountability
AV - Anti-Virus
BAA - Business Associate Agreement
BAT - Breach Analysis Team
BOD - Binding Operational Directive
CA - Security Assessment and Authorization
CAO - Chief Acquisition Officer
CCB - Change Control Board
CCIC - CMS Cybersecurity Integration Center
CDM - Continuous Diagnostics and Mitigation
CDO - Chief Data Officer
CFACTS - CMS FISMA Continuous Tracking System
CFO - Chief Financial Officer
CFR - Code of Federal Regulations
CHIP - Children’s Health Insurance Program
CIO - Chief Information Officer
CISO - Chief Information Security Officer
CLD - Cloud Computing
CMS IS2P2 - CMS Information Systems Security and Privacy Policy
CM - Configuration Management
CMA - Computer Matching Agreements
CMS - Centers for Medicare & Medicaid Services
CMS CLD - CMS Cloud Computing
CO - Contracting Officer
COO - Chief Operating Officer
COOP - Continuity of Operations
COR - Contracting Officer’s Representative
CP - Contingency Planning
CPIC - Capital Planning and Investment Control
CRA - Cyber Risk Advisor
CTO - Chief Technology Officer
CSIRC - Computer Security Incident Response Center
CSP - Cloud Service Provider
CSRAP - Cybersecurity Risk Assessment Program
CTI - Cyber Threat Intelligence
D - I
DGB - Data Governance Board
DHS - Department of Homeland Security
DI - Data Quality and Integrity
DIB - Data Integrity Board
DoD - Department of Defense
DSI - Physical Security and Strategic Information
DUA - Data Use Agreement
EA - Enterprise Architecture
EPLC - Enterprise Performance Life Cycle
E.O. - Executive Order
EOD - Entry on Duty
FedRAMP - Federal Risk and Authorization Management Program
FIPP - Fair Information Practice Principles
FIPS - Federal Information Processing Standard
FISCAM - Federal Information System Controls Audit Manual
FISMA - Federal Information Security Modernization Act of 2014
FOIA - Freedom of Information Act
FTI - Federal Tax Information
GAO - Government Accountability Office
HHS - Department of Health and Human Services
HHSAR - Health and Human Services Acquisition Regulation
HIDS - Host-Based Intrusion Detection System
HIM - Health Insurance Marketplace
HIPAA - Health Insurance Portability and Accountability Act of 1996
HITECH - Health Information Technology for Economic and Clinical Health
HSTS - HTTP Strict Transport Security
HTTP - Hypertext Transfer Protocol
HVA - High Value Asset
IA - Identification and Authentication
IEC - International Electrotechnical Commission
IOC - Indicators of Compromise
IP - Individual Participation and Redress
IR - Incident Response
IRS - Internal Revenue Service
IRT - Incident Response Team
IS2P - HHS Information Systems Security and Privacy Policy
IS2P2 - CMS Information Systems Security and Privacy Policy
ISA - Information Sharing Agreement
ISCM - Information Security Continuous Monitoring
ISCP - Information System Contingency Plan
ISO - Information System Owner, Information Security Officer, International Organization for Standardization
ISPG - Information Security and Privacy Group
ISRA - Information Security Risk Assessment
ISSO - Information System Security Officer
ISSOaas - ISSO As A Service
ISSOCS - ISSO Contractor Support
IT - Information Technology
ITIRB - IT Investment Review Board
J - P
LDS - Limited Data Set
MA - Maintenance
MOA - Memorandum of Agreement
MOU - Memorandum of Understanding
MP - Media Protection
MTD - Maximum Tolerable Downtime
NARA - National Archives and Records Administration
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NSA - National Security Agency
NSL - National Security Letter
O&M - Operations and Maintenance
OA - Office of the Administrator
OAGM - Office of Accounts and Grants Management
OE - Operations Executive
OEDA - Office of Enterprise Data and Analytics
OGAPA - Office of Grants and Acquisition Policy and Accountability
OGC - Office of General Counsel
OIG - Office of the Inspector General
OIT - Office of Information Technology
OMB - Office of Management and Budget
OPDIV - Operating Division
OSSI - Office of Security and Strategic Information
PE - Physical and Environmental Protection
PHI - Protected Health Information
PIA - Privacy Impact Assessment
PII - Personally Identifiable Information
PIRT - Privacy Incident Response Team
PIV - Personal Identity Verification
PL - Planning
PM - Program Management
PMO - Program Management Office
POA&M - Plan of Action and Milestones
POC - Point of Contact
PPSO - Personnel and Physical Security Officer
PS - Personnel Security
PSME - Privacy Subject Matter Expert
R - Z
RA - Risk Assessment
RBT - Role-Based Training
RMF - Risk Management Framework
RMH - Risk Management Handbook (this is being retired)
RoB - Rules of Behavior
RPO - Recovery Point Objective
RTO - Recovery Time Objective
SA - System and Services Acquisition
SA&A - Security Assessment and Authorization
SA&E - Security Architecture and Engineering
SC - System and Communications Protection
SCRM - Supply Chain Risk Management
SDLC - System Development Life Cycle
SE - Security
SES - Senior Executive Service
SI - System and Information Integrity
SIA - Security Impact Analysis
SOC - Security Operations Center
SOP - Senior Official for Privacy, Standard Operating Procedure
SOR - System of Records
SORN - System of Records Notice
SOW - Statement of Work
SP - Special Publication
SPMC - Strategic Planning Management Council
SSPP - System Security and Privacy Plan
SSR - Significant Security Responsibilities
TLS - Transport Layer Security
TR - Transparency
TRB - Technical Review Board
TRA - Technical Reference Architecture
UL - Use Limitation
USC - United States Code