Appendix A List of Acronyms
============================

+----------------+--------------------------------------------------+
| **AI**         | Artificial Intelligence                          |
+----------------+--------------------------------------------------+
| **AI BOM**     | Artificial Intelligence Bill of Materials        |
+----------------+--------------------------------------------------+
| **AKV**        | Azure Key Vault                                  |
+----------------+--------------------------------------------------+
| **API**        | Application Programming Interface                |
+----------------+--------------------------------------------------+
| **App**        | Application or Applet                            |
+----------------+--------------------------------------------------+
| **AzDO**       | Azure DevOps                                     |
+----------------+--------------------------------------------------+
| **CI/CD**      | Continuous Integration/Continuous Delivery       |
+----------------+--------------------------------------------------+
| **CLI**        | Command Line Interface                           |
+----------------+--------------------------------------------------+
| **CSPM**       | Cloud Security Posture Management                |
+----------------+--------------------------------------------------+
| **DAST**       | Dynamic Application Security Testing             |
+----------------+--------------------------------------------------+
| **DevOps**     | Development Operations                           |
+----------------+--------------------------------------------------+
| **DevSecOps**  | Secure Development Operations                    |
+----------------+--------------------------------------------------+
| **GHAS**       | GitHub Advanced Security                         |
+----------------+--------------------------------------------------+
| **GHAzDO**     | GitHub Advanced Security for Azure DevOps        |
+----------------+--------------------------------------------------+
| **HSM**        | Hardware Security Module                         |
+----------------+--------------------------------------------------+
| **IaC**        | Infrastructure as Code                           |
+----------------+--------------------------------------------------+
| **IAST**       | Interactive Application Security Testing         |
+----------------+--------------------------------------------------+
| **ICAM**       | Identity Credential Access Management            |
+----------------+--------------------------------------------------+
| **ID**         | Identity                                         |
+----------------+--------------------------------------------------+
| **IDE**        | Integrated Development Environment               |
+----------------+--------------------------------------------------+
| **IoT**        | Internet of Things                               |
+----------------+--------------------------------------------------+
| **MDC**        | Microsoft Defender for Cloud                     |
+----------------+--------------------------------------------------+
| **MLOps**      | Machine Learning Operations                      |
+----------------+--------------------------------------------------+
| **NCCoE**      | National Cybersecurity Center of Excellence      |
+----------------+--------------------------------------------------+
| **NIST**       | National Institute of Standards and Technology   |
+----------------+--------------------------------------------------+
| **NVD**        | National Vulnerability Database                  |
+----------------+--------------------------------------------------+
| **OSV**        | Open Source Vulnerability                        |
+----------------+--------------------------------------------------+
| **OT**         | Operational Technology                           |
+----------------+--------------------------------------------------+
| **PDP**        | Policy Decision Point                            |
+----------------+--------------------------------------------------+
| **PEP**        | Policy Enforcement Point                         |
+----------------+--------------------------------------------------+
| **PO**         | Prepare the Organization                         |
+----------------+--------------------------------------------------+
| **PS**         | Protect Software                                 |
+----------------+--------------------------------------------------+
| **PW**         | Produce Well-Secured Software                    |
+----------------+--------------------------------------------------+
| **RV**         | Respond to Vulnerabilities                       |
+----------------+--------------------------------------------------+
| **SAST**       | Static Application Security Testing              |
+----------------+--------------------------------------------------+
| **SBOM**       | Software Bill of Materials                       |
+----------------+--------------------------------------------------+
| **SCA**        | Software Composition Analysis                    |
+----------------+--------------------------------------------------+
| **SCM**        | Source Code Management                           |
+----------------+--------------------------------------------------+
| **SDK**        | Software Development Kit                         |
+----------------+--------------------------------------------------+
| **SDLC**       | Software Development Lifecycle                   |
+----------------+--------------------------------------------------+
| **SIEM**       | Security Information and Event Management        |
+----------------+--------------------------------------------------+
| **SLSA**       | Supply-chain Levels for Software Artifacts       |
+----------------+--------------------------------------------------+
| **SOAR**       | Security Orchestration, Automation and Response  |
+----------------+--------------------------------------------------+
| **SP**         | Special Publication                              |
+----------------+--------------------------------------------------+
| **SSDF**       | Secure Software Development Framework            |
+----------------+--------------------------------------------------+
| **ZTA**        | Zero Trust Architecture                          |
+----------------+--------------------------------------------------+