The Federal Risk and Authorization Management Program
FedRAMP enables Agencies to move rapidly from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.
FedRAMP has an established marketplace of the types of solutions that Federal Agencies need. This marketplace promotes reusability, saving money and time for Agencies and industry. We're a program office funded to assist and provide guidance to Agencies in support of their move to modern, secure cloud technologies.
Acronym Definition
3PAO Third Party Assessment Organization
A2LA American Association of Laboratory Accreditors
AC Access Control
ACL Access Control List
AO Authorizing Official
API Application Programming Interface
APL Approved Products List (DOD list)
ASHRAE American Society of Heating, Refrigerating and Air-conditioning Engineers
AT Awareness and Training
ATO Authorization To Operate
AU Audit and Accountability
BCP Business Continuity Plan
BIA Business Impact Analysis / Business Impact Assessment
C&A Certification & Accreditation
CA Security Assessment and Authorization
CAP Corrective Action Plan
CapEx Capital Expense
CAPTCHA Completely Automated Public Turing Test to tell Computers and Humans Apart
CCB Change Control Board
CDM Continuous Diagnostics and Mitigation
CERT Computer Emergency Response Team
CI Configuration Item
CIDR Classless Inter-Domain Routing
CIOC Chief Information Officer Council
CIRT Computer Incident Response Team
CIS Control Implementation Summary / Control Information Summary
CISO Chief Information Security Officer
CLI Command Line Interface
CM Configuration Management
CMP Configuration Management Plan
CMVP Cryptographic Module Validation Program
CO Contracting Officer
ConMon Continuous Monitoring
CONOPS Concept of Operations
COOP Continuity of Operations Plan
COR Contracting Officer’s Representative
COTS Commercial Off-The-Shelf
CP Contingency Planning
CPD Contingency Planning Director
CR Change Request
CRM Customer Relationship Management
CSIRC Computer Security Incident Response Capability
CSP Cloud Service Provider
CTW Control Tailoring Workbook
CUI Controlled Unclassified Information
DAA Designated Approving Authority
DAS Direct Attached Storage
DDoS Distributed Denial of Service
DHS Department of Homeland Security
DMZ Demilitarized Zone
DNS Domain Name System
DoD Department of Defense
E-Authentication Electronic Authentication
EC-Council International Council of Electronic Commerce Consultants
ECSB Enterprise Cloud Service Broker
FDCCI Federal Data Center Consolidation Initiative
FedRAMP Federal Risk and Authorization Management Program
FIPS Federal Information Processing Standards
FIPS 199 Federal Information Processing Standard Publication 199
FIPS PUB Federal Information Processing Standard Publication
FIPS PUB 199 Federal Information Processing Standard Publication 199
FISMA Federal Information Security Management Act of 2014
FOC Final Operating Capability
FOIA Freedom of Information Act
FTP File Transfer Protocol
GIAC Global Information Assurance Certification
gov Government
GSA General Services Administration
GSS General Support System
GUI Graphical User Interface
HIDS Host Intrusion Detection System
HIPAA Health Insurance Portability and Accountability Act (of 1996)
HIPS Host Intrusion Prevention System
HSM Hardware Security Module
HSPD Homeland Security Presidential Directive
HSPD 12 Homeland Security Presidential Directive 12
HTTP Hypertext Transfer Protocol
IA Identification and Authentication
IAA Inter-Agency Agreement
IaaS Infrastructure as a Service (Model)
IAP Internet Access Points
IATO Interim Authorization to Operate
ID Identification
IEC International Electrotechnical Commission
IG Inspector General / Implementation Guidance
IOC Initial Operating Capability
IP Internet Protocol
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
IR Incident Response
ISCP Information System Contingency Plan
iSCSI Internet Small Computer System Interface
ISIMC Information Security and Identity Management Committee
ISO International Organization for Standardization
ISO/IEC International Organization for Standardization / International Electrotechnical Commission
ISP Internet Service Provider
ISPP Information Security Policies and Procedures
ISSO Information System Security Officer
IT Information Technology
ITCP IT Contingency Plan
JAB (FedRAMP) Joint Authorization Board
LAN Local Area Network
LMS Learning Management System
MA Maintenance
MAS Multiple Award Schedule
MAX MAX.gov (Secure Repository)
mil Military
MOU Memorandum of Understanding
MP Media Protection
MSSP Managed Security Service Provider
MT Manual Test
MTIPS Managed Trusted Internet Protocol Service
N/A Not Applicable
NARA National Archives and Records Administration
NAS Network Attached Storage
NAT Network Address Translation
NFPA National Fire Protection Association
NGO Non-Governmental Organization
NIAP National Information Assurance Partnership
NISP National Industrial Security Program
NIST National Institute of Standards and Technology
NIST-SP NIST Special Publication
NLA No Logical Access
NNTP Network News Transfer Protocol
NP Non-Privileged
NPPD National Protection and Programs Directorate (of DHS)
NTP Network Time Protocol
NVI NAT Virtual Interface
ODAL Outage and Damage Assessment Lead
OEP Occupant Emergency Plan
OIG Office of the Inspector General
OMB Office of Management and Budget
OpEx Operating Expense
OR Operational Requirement
OSINT Open Source Intelligence
OWASP Open Web Application Security Project
P Privileged
PA Provisional Authorization
PaaS Platform as a Service (Model)
P-ATO Provisional Authorization to Operate
PDF Portable Document Format
PDS Protective Distribution System
PE Physical and Environmental Protection
PIA Privacy Impact Assessment
PII Personally Identifiable Information
PIV Personal Identity Verification
PKI Public Key Infrastructure
PL Planning (SSP Table 13-1)
PL Public Law
PLC Procurement and Logistics Coordinator
PM Program Management
PMO Program Management Office
POA&M Plan of Action and Milestones
POC Point of Contact
PS Personnel Security
PTA Privacy Threshold Analysis
PTR Penetration Test Report
PUB Publication
QA Quality Assurance
QC Quality Control
QM Quality Management
R1 Revision 1
RA Risk Assessment
RBAC Role-Based Access Control
Rev Revision
RFC Request for Change
RFI Request for Information
RFP Request for Proposal
RIP Routing Information Protocol
RMF Risk Management Framework
RoB Rules of Behavior
ROE Rules of Engagement
RTO Recovery Time Objective
SA System and Services Acquisition (SSP Table 13-1)
SA Security Assessment
SaaS Software as a Service
SAF Security Assessment Framework
SAML Security Assertion Markup Language
SAN Storage Area Network
SAP Security Assessment Plan
SAR Security Assessment Report
SAS Security Assessment Support
SC System and Communications Protection
SCSI Small Computer System Interface
SDLC System Development Life Cycle
SI System and Information Integrity
SLA Service Level Agreement
SME Subject Matter Expert
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SOP Standard Operating Procedure
SORN System of Records Notice
SP Service Processor (SSP Table 11-1)
SP Special Publication
SQL Structured Query Language
SSL Secure Sockets Layer
SSO Single Sign-On
SSP System Security Plan
TCP Transmission Control Protocol
TFTP Trivial FTP
TIC Trusted Internet Connection
TICAP Trusted Internet Connection Access Providers
TLS Transport Layer Security
TP Test Plan
TR Technical Representative
TR-R Technical Representative’s Representative
TTS Technology Transformation Services
US United States
UDP User Datagram Protocol
UPS Uninterruptible Power Supply
URL Uniform Resource Locator
USC United States Code
US-CERT United States Computer Emergency Readiness Team
UUCP Unix-to-Unix Copy Protocol
V2 Version 2
VLAN Virtual Local Area Network
VPN Virtual Private Network