Omnissa Technical Acronyms

Overview

This document provides a list of acronyms and respective definitions that you may encounter in the Workspace ONE or Horizon Cloud Service (HCS) platforms and the security series, including:

• Workspace ONE Compliance with the 14 NCSC Cloud Security Principles
• Workspace ONE Cloud Services Security
• Horizon Cloud Service next-gen Alignment with the ACSC ISM
• Horizon Cloud Service - next-gen Cloud Security Whitepaper
• Germany Cloud Computing Compliance Criteria Catalogue (C5)
• Workspace ONE Cloud Services Alignment with NIST SP 800-171
• Workspace ONE UEM Cloud Service Alignment with the ACSC Information Security Manual (ISM)

A - B

Acronyms from A through B:

• ACL - Access control list (ACL)
• ACSC - Australian Cyber Security Centre (ACSC)
• AD - Active Directory (AD)
• ADFS - Active Directory Federation Services (ADFS)
• AES - Advanced Encryption Standard (AES)
• AMI - Amazon Machine Images (AMI)
• AoC PCI - Attestation of Compliance (AoC) Payment Card Industry (PCI)
• APAC - Asia-Pacific region (APAC)
• API - Application programming interface (API)
• ASF - Defensive-centric perspective (ASF)
• ASV - Approved Scanning Vendor (ASV)
• AV - Anti-virus (AV)
• AWF - Alternative workforce (AWF)
• AWS - Amazon Web Services (AWS)
• AZ - Availability Zone (AZ)
• BC - Business Continuity (BC)
• BC – Broadcom (BC)
• BCR - Binding Corporate Rules (BCRs)
• BSIMM - Building Security in Maturity Model (BSIMM)
• BYO - Bring your own (device (BYOG) <or> key (BYOK))

C - D

Acronyms from C through D:

• CA - Certificate Authority (CA)
• CAIQ - Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CAIQ)
• CCDA - Cisco Certified Network / Design Associate (CCNA / CCDA)
• CSP - Certified Cloud Security Professional (CCSP)
• CCTV - Closed Circuit Television Camera (CCTV)
• CD - Continuous Delivery (CD)
• CDN - Content Delivery Network (CDN)
• CEH - Certified Ethical Hacker (CEH)
• CI/CD - Continuous integration, continuous deployment pipeline (CICD)
• CIPM - Certificate in Investment Performance Measurement (CIPM)
• CIPP/E - Certified Information Privacy Professional/Europe (CIPP/E)
• CIS - Center of Internet Security (CIS) Benchmarks
• CISM - Certified Information Security Manager (CISM)
• CISSP - Certified Information Systems Security Professional (CISSP)
• CMMC - Cybersecurity Maturity Model Certification
• CompTIA - Computing Technology Industry Association (CompTIA)
• CSA - Cloud Security Alliance (CSA)
• CSRF - Cross-site request forgery (XSRF or CSRF)
• CSV - Comma-separated values (CSV)
• CUI - Controlled Unclassified Information
• CVSS - Common Vulnerability Scoring System (CVSS)
• CWE/SANS - Common Weakness Enumeration (CWE/SANS)
• DaR – Data-at-Rest (DaR)
• DBMS - Database management systems (DBMS)
• DDoS - Distributed Denial of Service (DDOS)
• DEK - Data encryption key (DEK)
• DiT – Data-in-Transit (DiT)
• DLP - Data loss prevention (DLP)
• DMZs - Demilitarized zones (DMZ)
• DNS - Domain Name System (DNS)
• DoD - U.S. Department of Defense (DoD)
• DPA - Data Protection Act (DPA)
• DPO - Data Protection Officer (DPO)
• DR - Disaster Recovery (DR)
• DS - Device Services (DS)

E - L

Acronyms from E through L:

• EAS - Exchange ActiveSync (Microsoft’s or MS EAS)
• EEA - European Economic Area (EEA)
• EEA BCRs – EEA’s Binding Corporate Rules (legacy EEA BCRs)
• ENS - Email Notification Service (ENS)
• ETL - Intelligence Connector (ETL)
• EUD - End user device (EUD)
• FADP - Federal Act on Data Protection (FADP)
• FCAPS - Fault, Configuration, Accounting, Performance, and Security (FCAPS)
• FedRAMP - Federal Risk and Authorization Management Program (FedRAMP)
• GDPR - General Data Protection Regulation (GDPR)
• GPO - Group Policy Object (GPO)
• HSTS - HTTP Strict Transport Security (HSTS)
• IaaS - Infrastructure-as-a-Service (IaaS)
• ICT - Information & Communications Technology (ICT)
• IdP - Identity Provider (IdP)
• IDS - Intrusion Detection System (IDS)
• IP – Internet Protocol (IP)
• IRAP - Infosec Registered Assessors Program (IRAP) Australian Gov't
• ISGC - Information Security Governance Committee (ISGC)
• ISM - Information Security Manual (ISM)
• ISMS - Information Security Management System (ISMS)
• ISO - International Standards Organization (ISO)
• ITIL - Information Technology Infrastructure Library (ITIL)
• IVR - Interactive voice response system (IVR)
• JiT - Just-in-Time (JiT)
• KMS - Key Management Service (KMS)
• L7 - Layer 7 or application layer
• LMS - Learning Management System (LMS)

M - P

Acronyms from M through R:

• MFA - Multi-factor Authentication (MfA)
• MitM - Machine-in-the-Middle (MitM) A.K.A. Man-in-the-Middle
• N+1 power – Computation for power backup sizing should any single sys component fail
• NCSC - UK National Cyber Security Centre (NCSC)
• NDA - Non-disclosure agreement (NDA)
• NIST - National Institute of Standards and Technology (NIST)
• NVD – National Vulnerability Database (NVD)
• OAuth - Open authorization (OAuth)
• OCSP - Online Certificate Status Protocol (OCSP)
• OSINT - Open-source intelligence (OSINT)
• OSS/TP - Open-source and third-party software validation (OSS/TP)
• OSSTMM – Open-Source Security Testing Methodology Manual (OSSTMM)
• OWASP - Open Web Application Security Project (OWASP)
• PBKDF2 - Password Based Key Derivation Function 2 (PBKDF2)
• PCI-DSS - Payment Card Industry Data Security Standard (PCI-DSS)
• PCoIP – PC over IP (PCoIP)
• PDU - Power distribution unit (PDU)
• PGP - Pretty Good Privacy (PGP)
• PII - Personally Identifiable Information (PII)
• PIV-D – Personal Identity Verification - Derived (Supported in WS1 PIV-D Manager)
• PKCS12 – Public Key Cryptography Standard 12 (PKCS12)
• PKI - Public key infrastructure (PKI)
• PSR - Product Security Requirements (PSR)

R - S

Acronyms from R through S:

• R&D - Research and development (R&D)
• RA - Registration Authority (RA)
• RBAC - Role-based access controls (RBAC)
• RDS - Remote Desktop Services (RDS)
• RDSH - Remote Desktop Session Host (RDSH)
• REST API - Representational State Transfer (REST) App Programming Interface (API)
• RPO - Recovery point objective (RPO)
• RSA - Rivest–Shamir–Adleman (RSA)
• RTO - Recovery Time Objective (RTO)
• S/MIME - Secure/Multipurpose internet Mail Extensions (S/MIME)
• SaaS - Software-as-a-Service (SaaS)
• SAFECode - Software Assurance Forum for Excellence in Code (SAFECode)
• SAML - Security Assertion Markup Language (SAML)
• SANS/CWE - aka Common Weakness Enumeration (CWE/SANS) via MITRE
• SCC - Standard contractual clause (SCC)
• SCRUM – Method used for new product dev in which a team is allowed to organize itself and make changes as quickly as possible (SCRUM)
• SDDC - Software-defined data centers (SDDCs)
• SDK - Software Development Kit (SDK)
• SDL - Security Development Lifecycle (SDL)
• SDLC - Software Development Life Cycle (SDLC)
• SECR - Security Engineering, Communications & Response (SECR)
• SIEM - Security Information Mgmt (SIM) <and> Security Event Mgmt (SEM) combined = Security Information & Event Management (SIEM)
• SLA - Service Level Agreement(s) (SLA)
• SME - Subject Matter Expert(s) (SMEs)
• SOC - Service Organization Control (SOC), when ref SOC 2 Type 2 audits from ISO
• SOC - Security Operations Center (EUC SOC), when ref incident response (IR), logging, and monitoring and support of operations
• SRC - Security Response Center (Legacy VSRC)
• SSH - Secure shell (SSH)
• SSL - Secure Sockets Layer (SSL) Retired, now (TLS)
• SSO - Single Sign-On (SSO)
• SSP - Self-Service Portal (SSP)
• STRIDE - Spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE)

T - Z

Acronyms from T through Z:

• TLS - Transport Layer Security (TLS)
• TOTP - Time-based one-time password (TOTP)
• TOU - Terms of Use (TOU)
• UDP - User Datagram Protocol (UDP)
• VCP - Certified Professional (VCP) (legacy)
• VDI - Virtual Desktop Infrastructure (VDI)
• VMC on AWS - Cloud on AWS (legacy)
• VPN - Virtual private network (VPN)
• WAF - Web Application Firewall (WAF)
• WEB/APP - Web and app layers
• XLS –Excel spreadsheet format (e.g. .xls & .xlsx file formats by Microsoft)
• XSRF-TOKEN - Cross-site request forgery (XSRF or CSRF)

Feedback

Your feedback is valuable.

To comment on this paper, contact Omnissa at tech_content_feedback@omnissa.com.