NIST publishes glossary of acronyms, abbreviations

NIST (the National Institute of Standards and Technology) hopes to bring some order to the sometimes inconsistent and often confusing world of IT (information technology) acronyms and abbreviations by publishing a glossary of commonly used terms.

NIST Interagency Report (“NISTIR”) 7581 , “System and Network Security Acronyms and Abbreviations,” runs the alphabetical gamut from A (address resource record type) to ZSK (zone signing key).

“The capitalization, spelling and definitions of acronyms and abbreviations frequently vary among publications,” the report states. Some abbreviations, such as WWW, have a universally recognized meaning, while others have multiple definitions. For instance, MAC can stand for mandatory access control, Media Access Control, Medium Access Control or message authentication code. Others might contain an internal logic but can be confusing at first glance. For instance, Triple DES (Data Encryption Standard) is often abbreviated as 3DES.

“This report is meant to help reduce these errors and confusion by providing the generally accepted or preferred definitions of a list of frequently used acronyms and abbreviations,” the report states. It is not an exhaustive list of IT security terms or a complete list of all the acronyms used in NIST publications. NIST typically appends a list of acronyms used in each of its publications.

In the latest report, NIST adopted a set of conventions for acronyms and abbreviations and their definitions.

  • Abbreviations and acronyms generally appear in all capital letters, though there are exceptions — for example, meter (m) and decibels referenced to 1 milliwatt (dBm).
  • Technical terms are not capitalized unless they are proper nouns, which include the names of people, places and groups, and the formal titles of protocols, standards and algorithms. For example, certification and accreditation (C&A) is not capitalized, but Advanced Encryption Standard (AES) is.
  • Collective nouns are not capitalized — for example, wide-area network (WAN).
  • When two or more definitions of the same acronym or abbreviation are given, the acronym or abbreviation is italicized and repeated for each definition.

Although this is not a draft report, readers are encouraged to submit additional entries related to system and network security for consideration, particularly for emerging technologies. Suggestions and corrections should be sent to [email protected]

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.