May 13, 2020 •Walt Paley
It's a bit grandiose for a blog post title, but this is long overdue and it feels good to move it from my "To Do" List to my "Revisit and Update in the Future" List. With that in mind, please enjoy this authoritative reference list of every acronym, abbreviation, and terminology found in FIPS 140, federal government and Public Sector procurement, and regulated industry compliance and certification. I plan to expand and improve this repository in the near future, so please contact us if you have suggestions.
Without further ado, here is The Best FIPS 140-2 Acronym, Abbreviation, and Terminology Glossary on the Internet, presented by SafeLogic!
| Term | Definition |
| 3PAO | Third Party Assessment Organization |
| ACVT | Automated Cryptographic Validation Testing |
| ACVTS | Automated Cryptographic Validation Testing System |
| ADI | Alliance for Digital Innovation |
| AES | Advanced Encryption Standard |
| AFCEA | Armed Forces Communications and Electronics Association |
| ANSI X9.31 | X9.31-1998, Digital Signatures using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), September 9, 1998 |
| API | Application Programming Interface |
| APL | Approved Products List |
| ATO | Authority to Operate |
| C3PAO | CMMC Third Party Assessment Organization |
| CAVP | Cryptographic Algorithm Validation Program |
| CBC | Cipher-Block Chaining |
| CC | Common Criteria |
| CCCS | Canadian Centre for Cyber Security |
| CCM | Counter with CBC-MAC |
| CDH | Computational Diffie-Hellman |
| CFB | Cipher Feedback Mode |
| CMAC | Cipher-based Message Authentication Code |
| CMMC | Cybersecurity Maturity Model Certification |
| CMMC-AB | CMMC Accreditation Body |
| CMVP | Cryptographic Module Validation Program |
| CNSS | Committee on National Security Systems |
| CO | Crypto Officer |
| CPU | Central Processing Unit |
| CS | Ciphertext Stealing |
| CSD | Computer Security Division |
| CSfC | Commercial Solutions for Classified |
| CSO | Cloud Service Offering |
| CSP | Cloud Services Provider |
| CSP | Critical Security Parameter |
| CST | Cryptographic and Security Testing |
| CTR | Counter-mode |
| CVL | Component Validation List |
| DES | Data Encryption Standard |
| DH | Diffie-Hellman |
| DIB | Defense Industrial Base |
| DISA | Defense Information Systems Agency |
| DoD | Department of Defense |
| DoDIN APL | Department of Defense Information Network Approved Products List |
| DRAM | Dynamic Random Access Memory |
| DRBG | Deterministic Random Bit Generator |
| DSA | Digital Signature Algorithm |
| DSTU4145 | Ukrainian DSTU-4145-2002 Elliptic Curve Scheme |
| EC | Elliptic Curve |
| ECB | Electronic Code Book |
| ECC | Elliptic Curve Cryptography |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FedRAMP | Federal Risk and Authorization Management Program |
| FFRDC | Federally Funded Research and Development Centers |
| FIPS | Federal Information Processing Standard |
| FIPS 140-2 | Security Requirements for Cryptographic modules, May 25, 2001 |
| FIPS 140-3 | Security Requirements for Cryptographic modules, March 22, 2019 |
| FIPS 180-4 | Secure Hash Standard (SHS) |
| FIPS 186-2 | Digital Signature Standard (DSS) |
| FIPS 186-3 | Digital Signature Standard (DSS) |
| FIPS 186-4 | Digital Signature Standard (DSS) |
| FIPS 197 | Advanced Encryption Standard |
| FIPS 198-1 | The Keyed-Hash Message Authentication Code (HMAC) |
| FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions |
| FISMA | Federal Information Security Management/Modernization Act |
| GCM | Galois/Counter Mode |
| GMAC | Galois Message Authentication Code |
| GOST | Gosudarstvennyi Standard Soyuza SSR/Government Standard of the Union of Soviet Socialist Republics |
| GPC | General Purpose Computer |
| HIPAA | Health Insurance Portability and Accountability Act |
| HIPPA | a common misspelling of HIPAA |
| HITRUST | Health Information Trust Alliance |
| HMAC | (Keyed-) Hash Message Authentication Code |
| IEC | International Electrotechnical Commission |
| IG | Implementation Guidance [in this case, within the context of FIPS 140 and the Cryptographic Module Validation Program] |
| IG | Implementation Guidance |
| ILAC | International Laboratory Accreditation Cooperation |
| ISO | International Organization for Standardization |
| IV | Initialization Vector |
| JAB | Joint Authorization Board |
| JAR | Java ARchive |
| JCA | Java Cryptography Architecture |
| JCE | Java Cryptography Extension |
| JDK | Java Development Kit |
| JRE | Java Runtime Environment |
| JVM | Java Virtual Machine |
| KAS | Key Agreement Scheme |
| KAT | Known Answer Test |
| KDF | Key Derivation Function |
| KW | Key Wrap |
| KWP | Key Wrap with Padding |
| MAC | Message Authentication Code |
| MD5 | Message Digest algorithm MD5 |
| MOA | Memorandum of Agreement |
| N/A | Non Applicable |
| NDRNG | Non Deterministic Random Number Generator |
| NIAP | National Information Assurance Partnership |
| NIST | National Institute of Standards and Technology |
| NSS | National Security Systems |
| NSS | Network Security Services |
| NVLAP | National Voluntary Laboratory Accreditation Program |
| OCB | Offset Codebook Mode |
| OFB | Output Feedback |
| OMB | Office of Management and Budget |
| OS | Operating System |
| OUSD(A&S) | Office of the Under Secretary of Defense for Acquisition and Sustainment |
| P-ATO | Provisional Authority to Operate |
| PBKDF | Password-Based Key Derivation Function |
| PKCS | Public-Key Cryptography Standards |
| PKCS#1 v2.2 | RSA Cryptography Standard |
| PKCS#12 v1.1 | Personal Information Exchange Syntax Standard |
| PKCS#5 v2.0 | Password-Based Cryptography Standard |
| PMO | Program Management Office |
| PQG | Diffie-Hellman Parameters P, Q and G |
| RC | Rivest Cipher, Ron’s Code |
| PRNG | Pseudo-Random Number Generator |
| RIPEMD | RACE Integrity Primitives Evaluation Message Digest |
| RSA | Rivest, Shamir, and Adleman |
| SHA | Secure Hash Algorithm |
| SP 800-108 | Recommendation for Key Derivation Using Pseudorandom Functions |
| SP 800-132 | Recommendation for Password-Based Key Derivation |
| SP 800-135 | Recommendation for Existing Application–Specific Key Derivation Functions |
| SP 800-20 | Modes of Operation Validation System for Triple Data Encryption Algorithm (TMOVS) |
| SP 800-38A | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode |
| SP 800-38B | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication |
| SP 800-38C | Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality |
| SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC |
| SP 800-38F | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping |
| SP 800-56A | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography |
| SP 800-56B | Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography |
| SP 800-56C | Recommendation for Key Derivation Methods in Key-Establishment Schemes |
| SP 800-67 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher |
| SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications |
| SP 800-90A | Recommendation for Random Number Generation Using Deterministic Random Bit Generators |
| SP 800-171 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
| STIG | Security Technical Implementation Guide |
| STVMG | Security Testing, Validation and Measurement |
| TCBC | TDEA Cipher-Block Chaining |
| TCFB | TDEA Cipher Feedback Mode |
| TDEA | Triple Data Encryption Algorithm |
| TDES | Triple Data Encryption Standard |
| TECB | TDEA Electronic Codebook |
| TLS | Transport Layer Security |
| TOFB | TDEA Output Feedback |
| UARC | University Affiliated Research Centers |
| UC | Unified Communications |
| UC APL | Unified Communications Approved Products List (now the DoDIN APL) |
| USB | Universal Serial Bus |
| XOF | Extendable-Output Function |
