Appendix A List of Acronyms
| Acronym | Expansion |
| --- | --- |
| AI | Artificial Intelligence |
| AI BOM | Artificial Intelligence Bill of Materials |
| AKV | Azure Key Vault |
| API | Application Programming Interface |
| App | Application or Applet |
| AzDO | Azure DevOps |
| CI/CD | Continuous Integration/Continuous Delivery |
| CLI | Command Line Interface |
| CSPM | Cloud Security Posture Management |
| DAST | Dynamic Application Security Testing |
| DevOps | Development Operations |
| DevSecOps | Secure Development Operations |
| GHAS | GitHub Advanced Security |
| GHAzDO | GitHub Advanced Security for Azure DevOps |
| HSM | Hardware Security Module |
| IaC | Infrastructure as Code |
| IAST | Interactive Application Security Testing |
| ICAM | Identity Credential Access Management |
| ID | Identity |
| IDE | Integrated Development Environment |
| IoT | Internet of Things |
| MDC | Microsoft Defender for Cloud |
| MLOps | Machine Learning Operations |
| NCCoE | National Cybersecurity Center of Excellence |
| NIST | National Institute of Standards and Technology |
| NVD | National Vulnerability Database |
| OSV | Open Source Vulnerability |
| OT | Operational Technology |
| PDP | Policy Decision Point |
| PEP | Policy Enforcement Point |
| PO | Prepare the Organization |
| PS | Protect Software |
| PW | Produce Well-Secured Software |
| RV | Respond to Vulnerabilities |
| SAST | Static Application Security Testing |
| SBOM | Software Bill of Materials |
| SCA | Software Composition Analysis |
| SCM | Source Code Management |
| SDK | Software Development Kit |
| SDLC | Software Development Lifecycle |
| SIEM | Security Information and Event Management |
| SLSA | Supply-chain Levels for Software Artifacts |
| SOAR | Security Orchestration, Automation and Response |
| SP | Special Publication |
| SSDF | Secure Software Development Framework |
| ZTA | Zero Trust Architecture |