TRA Acronyms
The TRA Acronyms contains a list of acronyms referenced in each section of the CMS TRA.
| Term | Definition |
|---|---|
| 3PAO | Third-Party Assessment Organization |
| AAA | Authentication, Authorization, and Accounting |
| A | IPv4 Address Record |
| a.k.a. | Also Known As |
| AA | Address Allocation |
| AAAA | IPv6 Address Record |
| AAL | Authenticator Assurance Level |
| AC | Access Control |
| ACA | Affordable Care Act |
| ACE | Access Control Entitlements |
| ACF | Access Control Facility |
| ACL | Access Control List |
| ACO | Accountable Care Organization |
| ACP | Access Control Product (e.g., ACF/2, RACF, TSS) |
| ACR | Architecture Change Request |
| ACT | Adaptive Capability Testing |
| AD | Active Directory |
| AD | Application Development |
| ADM | Application Development Methodology |
| ADO | Application Development Organization |
| AES | Advanced Encryption Standard |
| AHRQ | Agency for Healthcare Research and Quality |
| AJAX | Asynchronous JavaScript and XML |
| ALF | Application Layer Filtering |
| ALFA | Application Layer Filtering Authorization and Authentication |
| ALFG | Application Layer Filtering Gateway |
| ALOM | Advanced Lights Out Manager |
| AMD | Advanced Micro Device |
| AMQP | Advanced Message Queuing Protocol |
| AO | Administrative Officer |
| AO | Authorizing Official |
| APF | Authorized Program Facility |
| API | Application Programming Interface |
| APM | Application Performance Monitoring |
| AQ | Acquisition |
| ARIA | Accessible Rich Internet Applications |
| ARM | Application Response Measurement |
| AS | Autonomous System |
| AS3 | Simple Storage Service (Amazon) |
| ASN | Autonomous System Number |
| ASP | Application Service Provider |
| ASPA | Assistant Secretary for Public Affairs |
| ATAG | Authoring Tool Accessibility Guidelines |
| ATO | Authorization to Operate |
| AU | Audit and Accountability |
| AV | Anti-Virus |
| AWS | Amazon Web Services |
| AZ | Application Zone |
| AZ | Availabilty Zone |
| BAM | Business Activity Monitoring |
| batCAVE | Continuous Authorization and Verification Engine |
| BDC | Baltimore Data Center |
| BGP | Border Gateway Protocol |
| BI | Business Intelligence |
| BIA | Business Impact Analysis |
| BIND | Berkeley Internet Name Daemon |
| BLOB | Binary Large Objects |
| BMP | Bitmap |
| BPEL | Business Process Execution Language |
| BR | Business Rule |
| BRM | Business Reference Model |
| BSD | Berkeley Software Distribution License |
| BSR | Bootstrap Router |
| CA | Certificate Authority |
| CAA | CMS Access Administrator |
| CARE | Continuity Assessment and Record Evaluation |
| CBO | Community-Based Organization |
| CBP | CMSNet Business Partner |
| CBWFQ | Class-Based Weighted Fair Queuing |
| CCB | Change Control Board |
| CCB | Configuration Control Board |
| CCE | Common Configuration Enumeration |
| CCIC | CMS Cybersecurity Integration Center |
| CCM | Cloud Controls Matrix |
| CCO | Call Center Operations |
| CCSS | Common Configuration Scoring System |
| CCW | Chronic Care Warehouse |
| CDA | Central Database Administration |
| CDM | Continuous Diagnostics and Mitigation |
| CDN | Content Delivery Network |
| CDN | Content Distribution Network |
| CE | Customer Edge |
| CEA | Chief Enterprise Architect |
| CEI | Common Enterprise Infrastructure |
| CERT | Carnegie Mellon University Computer Emergency Response Team |
| CFACTS | CMS FISMA Controls Tracking System |
| CFR | Code of Federal Regulations |
| CHDC | Contractor-Hosted Data Center |
| CHPID | Channel Path Identifiers |
| CI | Cloud Infrastructure |
| CI | Configuration Item |
| CI | Continuous Integration |
| CIA | Confidentiality, Integrity, and Availability |
| CICS | Customer Information Control System |
| CIEM | Canonical Modeling for Information Exchange Methodology |
| CIFS | Common Internet File System |
| CIM | Common Information Model |
| CIO | Chief Information Officer |
| CIS | Center for Internet Security |
| CISO | Chief Information Security Officer |
| CLF | Common Log Format |
| CLOB | Character Large Objects |
| CM | Configuration Management |
| CM | CMS Cloud Manager |
| CMA | Computer Matching Agreement |
| CMaaS | Continuous Monitoring as a Service |
| CME | Continuing Medical Education |
| CMIS | Contractor Management Information System |
| CMS | Centers for Medicaid & Medicare Services |
| CMSNet | CMS Private Network |
| CMSR | CMS Minimum Security Requirements |
| CNAME | Canonical Name Record |
| CO | Central Office of CMS |
| COB | Coordination of Benefits |
| COBS | Coordination of Benefits Service |
| COI | Community of Interest |
| COOP | Continuity of Operations Plan |
| CORS | Cross-Origin Resource Sharing |
| CoS | Class of Service |
| CPU | Central Processing Unit |
| CR | Change Request |
| CRA | Cyber Risk Advisor |
| CRC | Cyclic Redundancy Code |
| CROWNWeb | Consolidated Renal Operations in a Web-based Network |
| CSA | Cloud Security Alliance |
| CSIRC | Computer Security Incident Response Center |
| CSM | Configuration Settings Management |
| CSP | Credential Service Provider |
| CSP | Cloud Service Provider |
| CSR | Customer Service Representative |
| CSS | Cascading Style Sheets |
| CSV | Comma Separated Variable |
| CTO | Chief Technology Officer |
| CVE | Common Vulnerabilities and Exposures |
| CVSS | Common Vulnerability Scoring System |
| CWE™ | Common Weakness Enumeration |
| CWF | Common Working File |
| CY | Calendar Year |
| D | Delivery |
| DA | Data Architecture |
| DASD | Direct Access Storage Device |
| DBA | Database Administrator |
| DBidS | DMEPOS Bidding System |
| D-Bids | Durable Medical Equipment Billing System |
| DBM | Data and Database Management |
| DBMS | Database Management System |
| DC | Data Center |
| DCEP | Data Converter Evaluation Platform |
| DDES | Division of Data Enterprise Services |
| DDL | Data Definition Language |
| DDoS | Direct Denial of Service |
| DDPS | Drug Data Processing System |
| DEA | Division of Enterprise Architecture |
| DESY | Data Extract Software System |
| DEV | Development |
| DFM | Design for Maintainability |
| DFS | Digital Forensics Services |
| DHCP | Dynamic Host Configuration Protocol |
| DHS | Department of Homeland Security |
| DIIMP | Division of IT Investment Management and Policy |
| DIME | Direct Internet Message Encapsulation |
| DISA | Defense Information Systems Agency |
| DIT | Defect and Issue Tracking |
| DITG | Division of Information Technology Governance |
| DLM | Data Life-cycle Management |
| DM | Data Mart |
| DME | Durable Medical Equipment |
| DMEPOS | Durable Medical Equipment Prosthetic, Orthotic, and Supplies |
| DML | Data Modification Language |
| DMVPN | Dynamic Multipoint Virtual Private Network |
| DMZ | Demilitarized Zone |
| DNS | Domain Name System / Domain Name Service |
| DNSSEC | Domain Name Service Security |
| DoD | Department of Defense |
| DOM | Document Object Model |
| DoS | Denial of Service |
| DP | Device Profiler |
| dpi | Dots per Inch |
| DPL | Dynamic Program Link |
| DR | Disaster Recovery |
| DSCP | Differentiated Services Code Point |
| DSDL | Document Schema Definition Language |
| DSN | Data Source Name |
| DSS | Data Storage Services |
| DUA | Data Use Agreement |
| DW | Data Warehouse |
| DZ | Data Zone |
| E01 | Expert Witness |
| EA | Enterprise Architecture |
| EaaS | Enterprise as a Service |
| EADG | Enterprise Architecture and Data Group |
| eBGP | External Border Gateway Protocol |
| EBP | Extranet Business Partner |
| EC2 | Amazon’s Elastic Compute Cloud |
| eCHIMP | Electronic Change Management Portal |
| ECM | Enterprise Content Management |
| ECMA | European Computer Manufacturers Association |
| ED | Engineering Documentation |
| EDC | Enterprise Data Center |
| EDE | Enterprise Data Environment |
| EDL | Enterprise Data Lake |
| EDM | Enterprise Data Mesh |
| EDR | Enterprise Data Repository |
| EDSR | Enhanced Dedicated SONET Ring |
| EDW | Enterprise Data Warehouse |
| EE | Enterprise Edition (Java) |
| EF | Expedited Forwarding |
| EFI | EUA Front End Interface |
| EFT | Enterprise File Transfer |
| EFT | Enterprise File Transfer, Electronic File Transfer |
| EHR | Electronic Health Record |
| EHRD | Electronic Health Records Demonstration |
| EID | Enterprise Identifier |
| EIDM | Enterprise Identity Management |
| EIGRP | Enhanced Interior Gateway Routing Protocol |
| EIN | Employer Identification Number |
| EIT | Electronic and Information Technology |
| EJB | Enterprise Java Bean |
| ELA | Enterprise License Agreement |
| ELDM | Enterprise Logical Data Model |
| EMPI | Enterprise Master Person Indexes |
| EOC | Enterprise Operations Centers |
| EPP | Endpoint Protocol |
| EPS | Encapsulated PostScript |
| ERR | Environmental Readiness Review |
| ES | Enterprise Security |
| ESB | Enterprise Service Bus |
| ESIM | Enterprise Services for Identification Management |
| ESOC | Enterprise Security Operations Center |
| ESQL | Embedded Structured Query Language |
| ESS | Enterprise Shared Services |
| ESSG | Enterprise Shared Services Group |
| ETL | Extract, Transform, and Load |
| ETL | Extract, Transform, Load |
| EUA | Enterprise User Administration |
| EUDC | Enterprise User Data Catalog |
| FAL | Federal Assurance Level |
| FAQ | Frequently Asked Questions |
| FAR | Federal Acquisition Regulation |
| FBI | Federal Bureau of Investigation |
| FC | Fibre Channel |
| FCIP | Fibre Channel Over IP |
| FCoE | Fibre Channel Over Ethernet |
| FDCC | Federal Desktop Core Configuration |
| FDCCI | Federal Data Center Consolidation Initiative |
| FedRAMP | Federal Risk and Authorization Management Program |
| FFRDC | Federally Funded Research and Development Center |
| FICON | Fibre Connection |
| FID | Fraud Investigation Database |
| FIPS | Federal Information Processing Standards |
| FISMA | Federal Information Security Modernization Act |
| FMAT | Forensic & Malware Analysis Team |
| FOIA | Freedom of Information Act |
| FOUO | For Official Use Only |
| FQDN | Fully Qualified Domain Name |
| FSSS | Federal IT Shared Services |
| FT | Fault Tolerance |
| FTI | Federal Tax Information |
| FTP | File Transfer Protocol |
| FTP/S | File Transfer Protocol with SSL for Security |
| FW | Firewall |
| FWA | Firewall Administration |
| G2B | Government-to-Business |
| G2C | Government-to-Citizens |
| G2G | Government-to-Government |
| GAO | Government Accountability Office |
| GB | Gigabyte |
| GD | Group Director |
| GDOI | Group Domain of Interpretation |
| GETVPN | Group Encrypted Transport Virtual Private Network |
| GFE | Government Furnished Equipment |
| GFI | Government-Furnished Information |
| GFS | Government-Furnished Software |
| GID | Group Identifier |
| GIF | Graphics Interchange Format |
| GIS | Gentran Integration Suite (now called IBM Sterling Integration Suite) |
| GIS | Geographical Information Systems |
| GMT | Greenwich Mean Time |
| GNOSC | Government Network Operations and Security Center |
| GNU | GNUs Not UNIX |
| GOTS | Government Off-the-Shelf |
| GPL | GNU General Public License |
| GPO | Group Policy Object |
| GPU | Graphical Processing Unit |
| GRC | Governance, Risk and Compliance |
| GRE | Generic Routing Encapsulation |
| GSA | General Services Administration |
| GSS | General Support System |
| GTL | Government Task Lead |
| GUI | Graphical User Interface |
| GWT | Google Web Toolkit |
| HA | Highly Available |
| HBSS | Host-Based Security Systems |
| HCAHPS | Hospital Consumer Assessment of Healthcare Providers and Systems |
| HEAR | HHS Enterprise Architecture Repository |
| HETS | HIPAA Eligibility Transaction System |
| HETS UI | HIPAA Eligibility Transaction System User Interface |
| HHS | Department of Health and Human Services |
| HIDS | Host-based Intrusion Detection System |
| HIGLAS | Healthcare Integrated General Ledger Accounting System |
| HIPAA | Health Insurance Portability and Accountability Act of 1996 |
| HIPS | Host-based Intrusion Prevention System |
| HITECH | Health Information Technology for Economic and Clinical Health Act |
| HOLAP | Hybrid Online Analytical Processing |
| HOP QDRP | Hospital Outpatient Quality Data Reporting Program |
| HP | Hewlett-Packard |
| HPMS | Health Plan Management System |
| HQA | Hospital Quality Alliance |
| HR | Human Resources |
| HSPD | Homeland Security Presidential Directive |
| HSRP | Hot Standby Routing Protocol |
| HSTS | HTTP Strict Transport Security |
| HTML | HyperText Markup Language |
| HTTP | HyperText Transport Protocol |
| HTTPS | Secure Hypertext Transport Protocol |
| HTTPS | Hypertext Transfer Protocol over Secure Sockets Layer |
| HVA | High Value Assets |
| HW | Hardware |
| HWAM | Hardware Asset Management |
| I/O | Input/Output |
| IA | Information Assurance; Identification and Authentication |
| IAA | Inter-Agency Agreement |
| IaaS | Infrastructure as a Service |
| IACS | Individuals Authorized Access to the CMS Computer Services |
| IAL | Identity Assurance Level |
| IAM | Identity and Access Management |
| IANA | Internet Assigned Numbers Authority |
| IATO | Interim Authority To Operate |
| ICD | Interface Control Document |
| ICMPv6 | Internet Control Message Protocol for IPv6 |
| ICSA | International Computer Security Association |
| ICT | Information Communication Technology |
| ID | Identity |
| ID | Identifier |
| ID | Identifier, Identity |
| ID/IQ | Indefinite Delivery/Indefinite Quantity |
| IDE | Integrated Development Environment |
| IDM | Identity Management System |
| IDP | Intrusion Detection and Prevention |
| IDQ | Informatica Data Quality |
| IDR | Integrated Data Repository |
| IDS | Intrusion Detection System |
| IEA | Information Exchange Agreement |
| IEEE | Institute of Electrical and Electronics Engineers |
| IEM | IBM Endpoint Manager |
| IETF | Internet Engineering Task Force |
| IGP | Interior Gateway Protocol |
| IHS | IBM HTTP Server |
| IIOP | Internet Inter-ORB Protocol |
| IIS | Internet Information Server |
| IKE | Internet Key Exchange |
| ILC | Integrated IT Investment & System Life Cycle |
| IM | Identity Manager (Sun Microsystems product) |
| IMAP | Internet Message Access Protocol |
| IMT | Incident Management Team |
| IOC | Indicators of Compromise |
| IOS | Immediate Office of the Secretary |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IPA | Integration Partner Agreement |
| IPM | Infrastructure Performance Monitoring |
| IPMP | Internet Protocol Network Multipathing |
| IPS | Intrusion Prevention System |
| IPSec | Internet Protocol Security |
| IPv4 | Internet Protocol version 4 |
| IPv6 | Internet Protocol version 6 |
| IR | Incident Report, Incident Response |
| IR | Incident Report |
| IRF | Inpatient Rehabilitation Facility |
| IRR | Implementation Readiness Review |
| IRT | Incident Response Team |
| IS | Information Security |
| IS&CTI | Information Sharing and Cyber Threat Intel |
| IS2P | Information System Security and Privacy |
| IS2P2 | CMS Information System Security and Privacy Policy |
| ISA | Interagency Security Agreement |
| ISATAP | Intra-Site Automatic Tunnel Addressing Protocol |
| ISCI | Internet Small Computer System Interface |
| ISCM | Information Security Continuous Monitoring |
| iSCSI | Internet Small Computer Systems Interface |
| ISIS | IBM Sterling Integration Suite (formerly Gentran Integration Suite) |
| ISO | Information Systems Officer |
| ISO | International Organization for Standardization |
| ISP | Internet Service Provider |
| ISPG | Information Security and Privacy Group |
| ISPG | Information Security & Privacy Group |
| ISRA | Information Security Risk Analysis |
| ISSO | Information Systems Security Officer |
| ISSO | Information System Security Officer |
| IT | Information Technology |
| IT PM | Performance Monitoring/Management |
| ITCAM | IBM Tivoli Application Composite Monitor |
| ITIL | Information Technology Infrastructure Library |
| IUI | Inductive Use Interface |
| IV&V | Independent Verification and Validation |
| J2EE | Java 2 Platform Enterprise Edition |
| Java EE | Java Platform, Enterprise Edition |
| JCL | Job Control Language |
| JCP | Java Community Process |
| JDBC | Java Database Connectivity |
| JMS | Java Message Service |
| JMX | Java Management Extensions |
| JNDI | Java Naming and Directory Interface |
| JPEG/JPG | Joint Photographic Experts Group |
| JPS | Java Portlet Specification |
| JRA | Java Resource Adapter |
| JRE | Java Runtime Environment |
| JS | JavaScript |
| JSF | JavaServer Faces |
| JSON | JavaScript Object Notation |
| JSONP | JSON with Padding |
| JSP | Java Server Pages |
| JSR | Java Specification Request |
| KEK | Key Encryption Key |
| KPI | Key Performance Indicator |
| KS | Key Server |
| KSM | Keys and Secrets Management |
| LAN | Local Area Network |
| LASR | Lightweight Asset Summary Results |
| LDAP | Lightweight Directory Access Protocol |
| LDAPS | Secure LDAP, also known as “LDAP over SSL” |
| LDOM | Logical Domain |
| LDP | Label Distribution Protocol |
| LGPL | GNU Lesser General Public License |
| LIR | Local Internet Registry |
| LOA3 | Level of Assurance 3 |
| LPAR | Logical Partition |
| LRECL | Logical Record Length |
| LTC | Long-Term Care |
| LUNS | Logical Unit Numbers |
| MAC (address) | Media access control address |
| MAC | Medicare Administrative Contractor |
| MAC | Medicare Administrative Contractor, Media Access Control |
| MAC PPO | Medicare Administrative Contractor Preferred Provider Organization |
| MAPI | Messaging Application Programming Interface |
| MARx | Medicare Advantage and Prescription Drug System |
| MAS | Medicare Appeals System |
| MBD DW | Medicaid Beneficiary Database Data Warehouse |
| MBES | Medicaid Budget &Expenditures System |
| MBGP | Multiprotocol Border Gateway Protocol |
| MC | Metadata Catalog |
| MCO | Managed Care Organization |
| MD5 | Message Digest number 5 |
| MDB | Message-Driven Bean |
| MDCN | Medicare Data Communications Network |
| MDM | Master Data Management |
| MDM | Mobile Device Management |
| MDR | Master Data Repository |
| MEC | Multichassis Etherchannel |
| MED | Multi-Exit Discriminator |
| MEDPAR | Medical Provider Analysis and Review |
| MFA | Multi-Factor Authentication |
| MFT | Managed File Transfer |
| MIB | Management Information Base |
| MIDAS | Multidimensional Information and Data Analytics System |
| MIG | Medicare Insured Group |
| MIIR | Management Information Integrated Repository |
| MIIS | Microsoft Identity Integration Server |
| MIME | Multipurpose Internet Mail Extension |
| mIoT | Medical Internet of Things |
| MIS | Managed Internet Service |
| MITA | Medicaid Information Technology Architecture |
| MLS | Multi-Level Security |
| MMA | Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (Medicare Modernization Act) |
| MMA | Medicare Modernization Act |
| MMS | Multimedia Message Service |
| MOA | Memorandum of Agreement |
| MOLAP | Multidimensional Online Analytical Processing |
| MOU | Memorandum of Understanding |
| MPEG | Moving Picture Experts Group |
| MPIO | Multipath Input/Output |
| MPL | Mozilla Public License |
| MPLS | Multiprotocol Label Switching |
| MQ | Message Queuing |
| MRI | Magnetic Resonance Imaging |
| ms | millisecond |
| MSHTML | Microsoft Hypertext Markup Language |
| MSIS | Medicaid Statistical Information System |
| MSMQ | Microsoft Message Queuing |
| MTIPS | Managed Trusted Internet Provider Service |
| MTOM | Message Transmission Optimization Mechanism |
| MTU | Maximum Transmission Unit |
| MV | Mainframe Virtualization |
| MX | Mail Exchange Record |
| NA | Network Architecture |
| NAC | Network Asset Control |
| NAPTR | Naming Authority Pointer Record |
| NARA | National Archives and Records Administration |
| NAS | Network-attached Storage |
| NASA | National Aeronautics and Space Administration |
| NAT | Network Address Translation |
| NCH | National Claims History |
| NCPDP | National Council for Prescription Drug Programs |
| NDM | Network Data Mover |
| NFS | Network File System |
| NIC | Network Interface Card |
| NIDS | Network Intrusion Detection System |
| NIDS | Network-based Intrusion Detection System |
| NIEM | National Information Exchange Model |
| NIH | National Institutes of Health |
| NIST | National Institute of Standards and Technology |
| NLR | National Level Repository |
| NMUD | National Medicare Utilization Database |
| NPD | Network Protection Device |
| NPI | National Provider Identifier |
| NPM | Node Package Manager |
| NPPES | National Plan and Provider Enumeration System |
| NPPES | National Plan and Provider Enumeration System |
| NS | Name Server |
| NSA | National Security Agency |
| NSEP | Network Security Endpoint Protection |
| NTP | Network Time Protocol |
| NV | Network Virtualization |
| NVD | National Vulnerability Database |
| O&M | Operations and Maintenance |
| OAGM | Office of Acquisition and Grants Management |
| OASIS | Organization for the Advancement of Structured Information Standards |
| OAuth | Open standard to authorization |
| OC | Office of Communications |
| OCIO | Office of the Chief Information Officer |
| ODBC | Open Database Connectivity |
| ODC | Orthogonal Defect Classification |
| ODS | Operational Data Store |
| OESS | Office of E-Health Standards and Services |
| OFM | Office of Financial Management |
| OID | Object Identifier |
| OIG | Office of the Inspector General |
| OIG | Office of Inspector General |
| OIT | Office of Information Technology |
| OLA | Operational Level Agreement |
| OLAP | Online Access Protocol |
| OLTP | Online Transaction Processing |
| OM&M | Operations and Maintenance Manual |
| OMB | Office of Management and Budget |
| OMB DM | Office of Management and Budget Data Mart |
| ONE PI | One Program Integrity |
| OOB | Out-of-Band |
| OPDIV | Department of Health and Human Services Operating Division |
| ORR | Operational Readiness Review |
| OS | Operating System |
| OSD | Open Source Definition |
| OSI | Open Systems Interconnection |
| OSI | Open Source Initiative |
| OSPF | Open Shortest Path First |
| OSS | Operations Support Systems |
| OSS | Open Source Software |
| OTP | One-Time Password |
| OWASP | Open Web Application Security Project |
| P2P | Point-to-Point Messaging |
| PaaS | Platform as a Service |
| PAN | Processor Area Network |
| PAT | Port Address Translation |
| PB | Petabyte |
| PBAR | Part B Analytics Reports |
| PBKDF | Password-Based Key Derivation Function |
| PC | Personal Computer |
| PCAP | Packet Capture |
| PCI | Peripheral Component Interconnect |
| PCM | Privacy Continuous Monitoring |
| PD | Packing and Deployment |
| PDA | Personal Digital Assistant |
| Portable Document Format | |
| Portable Document File | |
| PDO | PHP Data Objects |
| PDR | Preliminary Design Review |
| PE | Provider Edge |
| PECOS | Provider Enrollment, Chain, and Ownership System |
| PHB | Per-Hop Behavior |
| PHI | Protected Health Information |
| PHP | PHP: Hypertext Preprocessor (PHP) |
| PHR | Personal Health Record |
| PIA | Privacy Impact Assessment |
| PID | Process ID |
| PII | Personally Identifiable Information |
| PIM-SM | Protocol-Independent Multicast-Sparse Mode |
| PISP | Policy for the Information Security Program |
| PKI | Public Key Infrastructure |
| PL/SQL | Oracle Procedural Language/Structured Query Language |
| PL/SQL | Oracle Procedural Language/Structured Language |
| PMM | Performance Monitoring and Measurement |
| PMO | Program Management Office |
| PNG | Portable Network Graphics |
| POA&M | Plan of Action and Milestones |
| POC | Point of Contact |
| POM | Project Object Model |
| PoP | Points of Presence |
| POTS | Plain Old Telephone Service |
| PPA | Project Process Agreement |
| PPID | Parent Process ID |
| PQRI | Physician Quality Reporting Initiative |
| PR/SM | Processor Resource/Systems Manager |
| PRR | Production Readiness Review |
| PS | TIBCO Platform Server |
| PS&R | Provider Statistics & Reimbursement Report |
| PSL | Problem Statement Language |
| PSTN | Public-Switched Telephone Network |
| PTR | Pointer Record |
| PUB | Publication |
| Pub/Sub | Publication and Subscription Messaging |
| PVLAN | Private Virtual Local Area Network |
| PZ | Presentation Zone |
| QIES | Quality Improvement Evaluation System |
| QIPS | QualityNet Identity Provisioning System |
| QM | Queue Manager |
| QoS | Quality of Service |
| QTSO | QIES Technical Support Office |
| R/SSO | Reduced or Single Sign-On |
| RA | Router Advertisement |
| RA | Risk Assessment |
| RACF | Resource Access Control Facility |
| RACI | Responsible, Accountable, Consulted, Informed |
| RAID | Random Array of Inexpensive Disks |
| RAM | Random Access Memory |
| RAML | RESTful API Modeling Language |
| RAPS | Risk Adjustment System |
| RBAC | Role-Based Access Control |
| RBS | Role-Based Security |
| RBT | Role-based Training |
| RCA | Root Cause Analysis |
| RDBMS | Relational Database Management System |
| RDP | Remote Desktop Protocol (Microsoft) |
| RDS-COB | Retiree Drug Subsidy - Coordination of Benefits |
| ResDAC | CMS Research Data Assistance Center |
| REST | Representational State Transfer |
| REXX | Restructured Extended Executor |
| RFC | Request for Comment |
| RFI | Request for Information |
| RFP | Request for Proposal |
| RIA | Rich Internet Application |
| RIB | Routing Information Base |
| RM | Release Management |
| RMF | Risk Management Framework |
| RMH | Risk Management Handbook |
| RMI | Remote Method Invocation (Java) |
| RO | Regional Office(s) of CMS |
| ROLAP | Relational Online Analytical Processing |
| RP | Recommended Practice |
| RP | Relying Party |
| RP | Recommended Practices |
| RPC | Remote Procedure Call |
| RPO | Recovery Point Objective |
| RRB | Railroad Retirement Board |
| RSS | Rich Site Summary |
| RSS | Really Simple Syndication |
| RTO | Recovery Time Objective |
| RTT | Round-Trip Time |
| S/FTP | Secure Shell File Transfer Protocol |
| S3 | Simple Storage Service |
| SA | Security Administration |
| SA | Software Architecture |
| SaaS | Software as a Service |
| SAE | Security Architecture and Engineering |
| SAML | Security Assertion Markup Language |
| SAN | Storage Area Network |
| SANS | SysAdmin, Audit, Network, Security |
| SAS | Serial Attached SCSI |
| SATA | Serial Attached Technology Adapted |
| SB | Swing Bed |
| SBI | Software Build and Integration |
| SC | Security Configuration; System and Communications Protection |
| SC | Security Category |
| SC | Security Configuration |
| SC | Software Coding |
| SCA | Security Control Assessment |
| SCAP | Security Content Automation Protocol |
| SCM | Software Configuration Management |
| SCSI | Small Computer System Interface |
| SD | Software Design |
| SDK | Software Developer Kit |
| SDK | Software Development Kit |
| SDLC | System Development Life Cycle |
| SDM | System Developer and Maintainer |
| SDOC | Supplier’s Declaration of Conformity |
| SE | Security |
| SEI® | Software Engineering Institute |
| SEMG | Security and Emergency Management Group |
| SG | Services General |
| SGML | Standard Generalized Markup Language |
| SHA1 | Secure Hash Algorithm 1 |
| SHA2 | Secure Hash Algorithm 2 |
| SHA256 | SHA2 w/256-bit digest |
| SIA | Security Impact Analysis |
| SID | System ID |
| SIEM | Security Information and Event Management |
| SLA | Service Level Agreement |
| SLAAC | Stateless Auto-configuration |
| SLO | Service Level Objective |
| SLS | Scalable Login Service |
| SM | System Maintenance |
| SMB | Small Message Block |
| SME | Subject Matter Expert |
| SMS | Short Message Service |
| SMTP | Simple Mail Transfer Protocol |
| SNA | System Network Architecture |
| SNMP | Simple Network Management Protocol |
| SO | Security Operations |
| SOA | Service-Oriented Architecture |
| SOAP | Simple Object Access Protocol |
| SOC | Security Operations Center |
| SOCaaS | Security Operations Center as a Service |
| SONET | Synchronous Optical Networking |
| SOP | Senior Official on Privacy |
| SOR | System of Record |
| SORN | System of Record Notice |
| SP | Special Publication |
| SPA | Single Page Applications |
| SPI | Sensitive Personal Information |
| SPI | Security Programming Interface |
| SQ | Software Quality |
| SQL | Structured Query Language |
| sRGB | Standard Red, Green, and Blue |
| SRM | Service Reference Model |
| SRP | Single Responsibility Principle |
| SS | Secure Software |
| SSA | Social Security Administration |
| SSD | Solid-State Drive |
| SSH | Secure Shell |
| SSL | Secure Sockets Layer |
| SSN | Social Security Number |
| SSO | Single Sign-On |
| SSO | System Security Officer |
| SSP | System Security Plan |
| SSPMO | Shared Services Project Management Office |
| ST&E | Security Test and Evaluation |
| STAR | System for Tracking Audit & Reimbursement |
| STIG | Security Technical Implementation Guide (DISA) |
| STIX | Structured Threat Information eXpression |
| SUA | Software Usage Analysis |
| SV | Server Virtualization |
| SVG | Scalable Vector Graphics |
| SW | Software |
| SWAM | Software Asset Management |
| SWCI | Software Configuration Item |
| T1HV | Windows Virtualization |
| T2HV | UNIX Virtualization |
| TAP | Test Anything Protocol |
| TB | Terabyte |
| TCO | Total Cost of Ownership |
| TCP | Transmission Control Protocol |
| TEK | Traffic Encryption Key |
| Term | Definition |
| TIC | Trusted Internet Connectivity |
| TIC | Trusted Internet Connection |
| TICAP | Trusted Internet Connection Access Provider |
| TID | Target ID |
| TIFF | Tagged Image File Format |
| TLC | Target Life Cycle |
| TLS | Transport Layer Security |
| T-MSIS | Transformed Medicaid Statistical Information System |
| ToS | Type of Service |
| TP | Transport Protocol |
| TPWA | Third-Party Websites and Applications |
| TPWS | Third-Party Web Site |
| TRA | Technical Reference Architecture |
| TRB | Technical Review Board |
| TSIG | Transaction Signature |
| TSO | Time Sharing Option |
| TSS | Computer Associates Top Secret Security Access Control Program (ACP) |
| TTL | Time-to-Live |
| TTP-HFPP | Trusted Third Party – Healthcare Fraud Prevention Partnership |
| TWS | Tivoli Workload Scheduler |
| TXT | Text Record |
| UA | Universal Accessibility |
| UAAG | User Agent Accessibility Guidelines |
| UAT | User Acceptance Testing |
| UC | Unified Communications |
| UCD | User-Centered Design |
| UDDI | Universal Description, Discovery, and Integration |
| UDP | User Datagram Protocol |
| UGA | Unique Global Unicast Address |
| UID | User Identifier |
| URI | Uniform Resource Identifier |
| URL | Universal Resource Locator |
| US-CERT | United States Computer Emergency Response Team |
| USG | United States Government |
| USGCB | US Government Configuration Baseline |
| UTC | Universal Time Coordinate |
| UTF | Unicode Transformation Format |
| UX | User Experience |
| VAT | Vulnerability Assessment Team |
| VBS | Verizon Business Systems |
| VC | Version Control |
| VCS | Veritas Cluster Server |
| VCS | Version Control System |
| VDC | Virtual Data Center |
| VDC | Virtual Device Context |
| VDD | Version Description Document |
| VDI | Virtual Desktop Integration |
| VDM | Virtual Data Mart |
| VI | VMWare Infrastructure |
| VLAN | Virtual Local Area Network |
| VM | Virtual Machine |
| VMFS | VMware Virtual Machine File System |
| VPC | Virtual Private Cloud |
| vPC | Virtual Port Channel |
| VPN | Virtual Private Network |
| VRF | Virtual Routing and Forwarding |
| VRR | Validation Readiness Review |
| VSAM | Virtual Storage Access Management |
| VSN | Virtual Server Network |
| VSS | Virtual Switching Systems |
| VUL | Vulnerability Management |
| W3C | World Wide Web Consortium |
| WADL | Web Application Description Language |
| WAF | Web Application Firewall |
| WAI | Web Accessibility Initiative |
| WAN | Wide Area Network |
| WAS | WebSphere Application Server |
| WCAG | Web Content Accessibility Guidelines |
| WCM | Web Content Management |
| WCMS | Web Content Management System |
| WDSL | Web Services Description Language |
| WebDAV | Web Distributed Authoring and Versioning |
| Wi-Fi | Wireless Fidelity |
| WINS | Windows Internet Name Services |
| WMI | Windows Management Instrumentation |
| WPS | Wisconsin Physicians Service |
| WS | Web Services |
| WS-BPEL | Web Services-Business Process Execution Language |
| WS-I | Web Services Interoperability |
| WSRP | Web Services for Remote Portlets |
| WSSE | Web Services Security Elements |
| XCCDF | Extensible Configuration Checklist Description Format |
| XHTML | Extensible HyperText Markup Language |
| XML | Extensible Markup Language |
| XMLA | Extensible Markup Language Administration |
| XMLA | Extensible Markup Language Authentication and Authorization |
| XMLG | Extensible Markup Language General |
| XMLP | Extensible Markup Language Protection |
| XOP | XML-binary Optimized Packaging |
| XP | Extreme Programming |
| XSD | XML Schema Definition |
| XSLT | Extensible Stylesheet Language Transformation |
| XSS | Cross-Site Scripting |
| YUI | Yahoo! User Interface |
| ZTA | Zero Trust Architecture |
| ZTMM | Zero Trust Maturity Model |
| z/VM | IBM hypervisor for the virtualization technology platform supporting IBM virtual operating systems |