Appendix A: Abbreviations and Acronyms

The following acronyms are used in this publication.

API Application Programming Interface

ATT&CK Adversarial Tactics, Techniques & Common Knowledge

BIO-ISAC Bioeconomy Information Sharing and Analysis Center

CAP College of American Pathologists

CLIA Clinical Laboratory Improvement Amendments

DFD Dataflow Diagram

DMZ Demilitarized Zone

DNA Deoxyribonucleic acid

FDA Food and Drug Administration

GCP Good Clinical Practice

GDPR EU General Data Protection Regulation

GINA Genetic Information Nondiscrimination Act of 2008

HIPAA Health Insurance Portability and Accountability Act

IR Internal Report

IRB Institutional Review Board

LIMS Laboratory Information Management System

LINDDUN Linking, Identifying, Detecting, Data Disclosure, Unawareness and Unintervenability, and Non-compliance privacy threat types

MO Mission Objective

NCCoE National Cybersecurity Center of Excellence

NIH National Institutes of Health

NIST National Institute of Standards and Technology

OSS Open-Source Software

PANOPTIC Pattern and Action Nomenclature Of Privacy Threats In Context

PEO Privacy Engineering Objective

PET Privacy-Enhancing Technology

PF NIST Privacy Framework

PRAM Privacy Risk Assessment Methodology

SP NIST Special Publication

STRIDE Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege cybersecurity threat types

SQL Structured Query Language

TRF Test Request Form