Acronyms

| Term | Definition |
|------|------------|
| ABAC | Attribute-Based Access Control: A method of restricting access based on attributes such as user, resource, and environment. |
| AI | Artificial Intelligence: The simulation of human intelligence in machines that can perform tasks such as learning and problem-solving. |
| CNAPP | Cloud-Native Application Protection Platform: A security solution designed to protect cloud-native applications and infrastructure. |
| CVE | Common Vulnerabilities and Exposures: A list of publicly disclosed cybersecurity vulnerabilities. |
| CVSS | Common Vulnerability Scoring System: A standardized framework for rating the severity of security vulnerabilities. |
| CWE | Common Weakness Enumeration: A list of common software weaknesses that can lead to vulnerabilities. |
| DAST | Dynamic Application Security Testing: A method of testing applications at runtime to identify vulnerabilities. |
| EDR | Endpoint Detection and Response: A security solution focused on detecting and responding to threats on endpoint devices. |
| GRC | Governance, Risk, and Compliance: A framework for managing an organization's governance, risk management, and compliance with regulations. |
| IAM | Identity and Access Management: A framework for managing digital identities and controlling access to resources. |
| IAST | Interactive Application Security Testing: A security testing method that analyzes applications at runtime to identify vulnerabilities. |
| IR | Incident Response: The process of identifying, managing, and mitigating security incidents. |
| MDM | Mobile Device Management: A solution to manage and secure mobile devices used in an organization. |
| MFA | Multi-Factor Authentication: A security mechanism requiring multiple forms of verification to access a system. |
| NIST | National Institute of Standards and Technology: A U.S. government agency that develops cybersecurity standards and guidelines. |
| OLA | Operational Level Agreement: An agreement between internal teams to support the delivery of a service as defined in an SLA. |
| OWASP | Open Web Application Security Project: A nonprofit organization focused on improving the security of software. |
| RASP | Runtime Application Self-Protection: A security technology that monitors and protects applications at runtime. |
| RBAC | Role-Based Access Control: A method of restricting access to resources based on user roles. |
| SARIF | Static Analysis Results Interchange Format: A standardized format for the output of static analysis tools. |
| SAST | Static Application Security Testing: A method of analyzing source code for vulnerabilities without executing the application. |
| SBOM | Software Bill of Materials: A detailed list of the components, libraries, and dependencies used in a software application. |
| SCA | Software Composition Analysis: A process to identify and manage open-source components and their vulnerabilities in software. |
| SIEM | Security Information and Event Management: A system that collects, analyzes, and manages security data from across an organization. |
| SLA | Service Level Agreement: A contract that defines the level of service expected between a provider and a customer. |
| SOC | Security Operations Center: A centralized team responsible for monitoring, detecting, and responding to security incidents. |
| SSO | Single Sign-On: A user authentication process that allows access to multiple systems with one set of credentials. |
| TDR | Threat Detection and Response: A process or solution for identifying and responding to security threats. |
| XDR | Extended Detection and Response: A security solution that integrates multiple security products into a unified platform for threat detection and response. |