| ABAC |
Attribute-Based Access Control: A method of restricting access based on attributes such as user, resource, and environment. |
| AI |
Artificial Intelligence: The simulation of human intelligence in machines that can perform tasks such as learning and problem-solving. |
| CNAPP |
Cloud-Native Application Protection Platform: A security solution designed to protect cloud-native applications and infrastructure. |
| CVE |
Common Vulnerabilities and Exposures: A list of publicly disclosed cybersecurity vulnerabilities. |
| CVSS |
Common Vulnerability Scoring System: A standardized framework for rating the severity of security vulnerabilities. |
| CWE |
Common Weakness Enumeration: A list of common software weaknesses that can lead to vulnerabilities. |
| DAST |
Dynamic Application Security Testing: A method of testing applications in runtime to identify vulnerabilities. |
| EDR |
Endpoint Detection and Response: A security solution focused on detecting and responding to threats on endpoint devices. |
| GRC |
Governance, Risk, and Compliance: A framework for managing an organization's governance, risk management, and compliance with regulations. |
| IAM |
Identity and Access Management: A framework for managing digital identities and controlling access to resources. |
| IAST |
Interactive Application Security Testing: A security testing method that analyzes applications during runtime to identify vulnerabilities. |
| IR |
Incident Response: The process of identifying, managing, and mitigating security incidents. |
| MDM |
Mobile Device Management: A solution to manage and secure mobile devices used in an organization. |
| MFA |
Multi-Factor Authentication: A security mechanism requiring multiple forms of verification to access a system. |
| NIST |
National Institute of Standards and Technology: A U.S. government agency that develops cybersecurity standards and guidelines. |
| OLA |
Operational Level Agreement: An agreement between internal teams to support the delivery of a service as defined in an SLA. |
| OWASP |
Open Web Application Security Project: A nonprofit organization focused on improving the security of software. |
| RASP |
Runtime Application Self-Protection: A security technology that monitors and protects applications during runtime. |
| RBAC |
Role-Based Access Control: A method of restricting access to resources based on user roles. |
| SARIF |
Static Analysis Results Interchange Format: A standardized format for the output of static analysis tools. |
| SAST |
Static Application Security Testing: A method of analyzing source code for vulnerabilities without executing the application. |
| SBOM |
Software Bill of Materials: A detailed list of components, libraries, and dependencies used in a software application. |
| SCA |
Software Composition Analysis: A process to identify and manage open-source components and their vulnerabilities in software. |
| SIEM |
Security Information and Event Management: A system that collects, analyzes, and manages security data from across an organization. |
| SLA |
Service Level Agreement: A contract that defines the level of service expected between a provider and a customer. |
| SOC |
Security Operations Center: A centralized team responsible for monitoring, detecting, and responding to security incidents. |
| SSO |
Single Sign-On: A user authentication process that allows access to multiple systems with one set of credentials. |
| TDR |
Threat Detection and Response: A process or solution for identifying and responding to security threats. |
| XDR |
Extended Detection and Response: A security solution that integrates multiple security products into a unified platform for threat detection and response. |