This article consolidates NIST and security-control-related acronyms and key concepts used in Paramify. It supports questions about NIST control families, risk management, and security program activities.
Acronyms
| # | Acronym | Full Name | Definition |
|---|---|---|---|
| 1 | AC | Access Control | Controls that manage who can access systems, data, and resources. |
| 2 | AAL | Authenticator Assurance Level | A NIST identity standard describing authentication strength. |
| 3 | AU | Audit and Accountability | Controls related to logging, monitoring, and accountability. |
| 4 | CA | Security Assessment and Authorization | Controls for assessing systems and granting authorization decisions. |
| 5 | CIA | Confidentiality, Integrity, Availability | The core security objectives for information and systems. |
| 6 | CM | Configuration Management | Controls to establish, maintain, and track secure configurations. |
| 7 | CUI | Controlled Unclassified Information | Sensitive information requiring safeguards but not classified. |
| 8 | CVSS | Common Vulnerability Scoring System | A standardized scoring method for vulnerability severity. |
| 9 | IA | Identification and Authentication | Controls ensuring users are uniquely identified and authenticated. |
| 10 | IR | Incident Response | Controls for detecting, responding to, and recovering from incidents. |
| 11 | MA | Maintenance | Controls ensuring system maintenance is performed securely. |
| 12 | MP | Media Protection | Controls protecting digital and physical media from unauthorized access. |
| 13 | PE | Physical and Environmental Protection | Controls protecting facilities and physical environments. |
| 14 | PL | Planning | Controls supporting security planning and policy requirements. |
| 15 | PS | Personnel Security | Controls ensuring personnel are trustworthy and managed appropriately. |
| 16 | RA | Risk Assessment | Controls that identify and evaluate risk to systems and organizations. |
| 17 | RMF | Risk Management Framework | NIST's process for managing security and privacy risk across the system lifecycle. |
| 18 | SA | System and Services Acquisition | Controls ensuring security is built into acquisition and development. |
| 19 | SC | System and Communications Protection | Controls protecting networks and communications. |
| 20 | SI | System and Information Integrity | Controls ensuring systems operate correctly and resist threats. |
Glossary
| # | Term | Definition |
|---|---|---|
| 1 | Control Family | A grouping of related security controls in NIST (e.g., AC, AU, IR). |
| 2 | Control Implementation | How an organization puts a control into practice (people, process, and technology). |
| 3 | Baseline (NIST) | A standard set of security controls selected to meet an impact level (Low/Moderate/High). |
| 4 | Tailoring | Adjusting a control baseline to fit a specific system while still meeting requirements. |
| 5 | Continuous Monitoring (ISCM) | Ongoing assessment of controls and risk posture over time. |
| 6 | Authorization | A formal decision that a system is acceptable to operate based on risk. |
| 7 | Security Control | A safeguard (technical/administrative/physical) used to reduce risk. |
| 8 | Assessment | Evaluating whether controls are correctly implemented and operating as intended. |
| 9 | Inheritance | Using controls provided by another system/provider as part of your authorization boundary. |
| 10 | Common Controls | Controls shared across multiple systems (e.g., corporate identity, logging, facilities). |
Comments
0 comments
Please sign in to leave a comment.