“Guidelines on Electronic Mail Security (NIST SP 800-45, Version 2),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, February 2007.
“Guidelines on Firewalls and Firewall Policy (NIST SP 800-41 Revision 1),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, September 2009.
“Guidelines on Security and Privacy in Public Cloud Computing (NIST SP 800-144 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, January 2011.
“Information Assurance Technical Framework (IATF),” National Security Agency (NSA), Release 3.1, Fort Meade, Maryland, September 2002.
“Information Security Continuous Monitoring for Federal Information Systems and Organizations (NIST SP800-137 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, December 2010.
“The Institute of Electrical and Electronics Engineers, Inc.,” IEEE Standard 802-2001, New York, New York, Copyright 2002.
“Institute of Standards and Technology (NIST),” U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.
“Managing Information Security Risk (NIST SP800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, March 2011.
“Managing Risk from Information Systems: An Organizational Perspective (NIST SP800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, April 2008.
“Piloting Supply Chain Risk Management Practices for Federal Information Systems (NISTIR7622 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.
“Recommended Security Controls for Federal Information Systems and Organizations (NIST SP800-53 R3),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2009.
“Service Component-Based Architectures, Version 2.0,” CIO Council, June 2004 (www.cio.gov).
Tanenbaum, Andrew S. Computer Networks by Chapter 5, Fourth Edition, Prentice Hall PTR, Upper Saddle River, New Jersey, Copyright 2003.
“Technical Guide to Information Security Testing (NIST SP 800-115 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.
“Telecommunications: Glossary of Telecommunication Terms, Federal Standard 1037C,” U.S. General Services Administration (GSA), Washington, DC, August 1996.
“User’s Guide to Securing External Devices for Telework and Remote Access (NIST SP 800-114),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.
“Wikipedia Encyclopedia,” Definitions for certain terms were adapted from Wikipedia (www.wikipedia.org).
Appendix B
CISSP Acronyms and Abbreviations 2012
This appendix consists of a list of selected information system and network security acronyms and abbreviations, along with their generally accepted definitions. When there are multiple definitions for a single term, the acronym or abbreviation is stacked next to each other.
Numeric
2TDEA
Two key triple DEA
3TDEA
Three key triple DEA
3DES
Three key triple data encryption standard
1G
First generation of analog wireless technology
2G
Second generation of digital wireless technology
3G
Third generation of digital wireless technology
4G
Fourth generation of digital wireless technology
A
AAA
Authentication, authorization, accounting
ABAC
Attribute-based access control
ACE
Access control entry
ACK
Acknowledgment
ACL
Access control list
ADCCP
Advanced data communication control procedure
ADSL
Asymmetric digital subscriber line
AES
Advanced encryption standard
AES-CBC
Advanced encryption standard – Cipher block chaining
AES-CTR
Advanced encryption standard – Counter mode
AH
Authentication header
AIN
Advanced intelligent networks
AK
Authorization key
ALE
Annual loss expectancy
ALG
Application layer gateway
ANI
Automatic number identification
ANN
Artificial neural network
AP
Access point
APDU
Application protocol data unit
API
Application programming interface
ARP
Address resolution protocol
AS
Authentication server/authentication service/autonomous system
ASCII
American standard code for information interchange
ASP
Active server page
ATA
Advanced technology attachment
ATM
Asynchronous transfer mode/automated teller machine
AV
Anti-virus
AVP
Attribute-value par
B
B2B
Business-to-business electronic commerce model
B2B2C
Business-to-business-to-consumer electronic commerce model
B2C
Business-to-consumer electronic commerce model
B2E
Business-to-employees electronic commerce model
BCP
Business continuity plan
BGP
Border gateway protocol
BIA
Business impact analysis
BIOS
Basic input/output system
BITS
Bump-in-the-stack
BOOTP
Bootstrap protocol
BPI
Business process improvement
BPR
Business process reengineering
BRP
Business recovery (resumption) plan
BS
Base station
BSS
Basic service set
C
C2B
Consumer-to-business electronic commerce model
C2C
Consumer-to-consumer electronic commerce model
C&A
Certification and accreditation
CA
Certification authority
CAC
Common access card
CAN
Campus-area network
CASE
Computer-aided software engineering
CBC
Cipher block chaining
CBC-MAC
Cipher block chaining-message authentication code
CC
Common Criteria
CCE
Common configuration enumeration
CCMP
Cipher block chaining message authentication code protocol
CCTV