Appendix D. Acronyms and Initialisms

ADM Asset Definition and Management (process area)

AM Access Management (process area)

BSIMM Building Security In Maturity Model

CBCP Certified Business Continuity Professional

CIO chief information officer

CISA Certified Information Systems Auditor

CISSP Certified Information Systems Security Professional

CMF CMMI Model Foundation

CMMI Capability Maturity Model Integration

CMMI-ACQ CMMI for Acquisition

CMMI-DEV CMMI for Development

CMMI-SVC CMMI for Services

COBIT Control Objectives for Information and Related Technology

COMM Communications (process area)

COMP Compliance (process area)

COPPA Children’s Online Privacy Protection Act

COR cost of resilience

COSO Committee of Sponsoring Organizations of the Treadway Commission frameworks

COTS commercial off-the-shelf

CPA Certified Public Accountant

CSIRT computer security incident response team

CTRL Controls Management (process area)

CVE Common Vulnerabilities and Exposures project

CXO higher-level managers (CEO, CSO, etc.)

DBA database administrator

DRII Disaster Recovery Institute International

EC Environmental Control (process area)

EF Enterprise Focus (process area)

EUDPA European Union Data Protection Directive

EXD External Dependencies Management (process area)

FBI U.S. Federal Bureau of Investigation

FCRA Fair Credit Reporting Act

FERC Federal Energy Regulatory Commission

FERPA Family Educational Rights and Privacy Act

FRM Financial Resource Management (process area)

FSTC Financial Services Technology Consortium

GG generic goal

GLBA Gramm-Leach-Bliley Act

GP generic practice

HIPAA Health Insurance Portability and Accountability Act

HRM Human Resource Management (process area)

HVAC heating, ventilation, and air conditioning

ID Identity Management (process area)

IIA Institute of Internal Auditors

IMC Incident Management and Control (process area)

ISACA Information Systems Audit and Control Association

ISO International Organization for Standardization

ISSA Information Systems Security Association

IT information technology

ITIL Information Technology Infrastructure Library

KCI key control indicator

KIM Knowledge and Information Management (process area)

KPI key performance indicator

KRI key risk indicator

MA Measurement and Analysis (process area)

MCSE Microsoft Certified Systems Engineer

MON Monitoring (process area)

OCTAVE Operationally Critical Threat, Asset, and Vulnerability Evaluation

OPD Organizational Process Definition (process area)

OPF Organizational Process Focus (process area)

ORPG operational resilience process group

OTA Organizational Training and Awareness (process area)

OWASP Open Web Applications Security Project

PA process area

PCI DSS Payment Card Industry Data Security Standard

PDA personal digital assistant

PM People Management (process area)

RFID radio frequency identification

RFP request for proposals

RISK Risk Management (process area)

RMA Risk Management Association

RMM Resilience Management Model

RORI return on resilience investment

RPO recovery point objective

RRD Resilience Requirements Development (process area)

RRM Resilience Requirements Management (process area)

RTO recovery time objective

RTSE Resilient Technical Solution Engineering (process area)

SAMM Software Assurance Maturity Model

SC Service Continuity (process area)

SCADA supervisory control and data acquisition

SCAMPI Standard CMMI Appraisal Method for Process Improvement

SEI Software Engineering Institute

SG specific goal

SLA service level agreement

SOX Sarbanes-Oxley Act

SP specific practice

TM Technology Management (process area)

US-CERT United States Computer Emergency Readiness Team

VAR Vulnerability Analysis and Resolution (process area)
