Security Acronyms

This glossary provides a quick reference for common security acronyms and terms used in modern cybersecurity frameworks and tools. Use this guide to better understand security documentation, compliance requirements, and technical discussions related to application and cloud security.

AICPA SOC 2 - System and Organization Controls 2

CI/CD Pipeline Security

CVE - Common Vulnerabilities and Exposures

ISO 27001:2022

ASPM - Application Security Posture Management

CSPM - Cloud Security Posture Management

SAST - Static Application Security Testing

SCA - Software Composition Analysis

DAST - Dynamic Application Security Testing

EASM - External Attack Surface Management

IaC - Infrastructure as Code

CNAPP - Cloud-Native Application Protection Platform

DSPM - Data Security Posture Management

SIEM - Security Information and Event Management

RASP - Runtime Application Self-Protection

WAF - Web Application Firewall

GRC - Governance, Risk & Compliance

MDR - Managed Detection and Response

SBOM - Software Bill of Materials

NIS2 - Network and Information Security Directive 2

OWASP - Open Worldwide Application Security Project

XSS Vulnerabilities
