Appendix A: Abbreviations and Acronyms
======================================

The following acronyms are used in this publication. 

**API**  
Application Programming Interface 

**ATT&CK** 
Adversarial Tactics, Techniques & Common Knowledge 

**BIO-ISAC** 
Bioeconomy Information Sharing and Analysis Center 

**CAP** 
College of American Pathologists 

**CLIA** 
Clinical Laboratory Improvement Amendments 

**DFD**	 
Dataflow Diagram 

**DMZ** 
Demilitarized Zone 

**DNA** 
Deoxyribonucleic acid 

**FDA** 
Food and Drug Administration 

**GCP** 
Good Clinical Practice 

**GDPR** 
EU General Data Protection Regulation 

**GINA** 
Genetic Information Nondiscrimination Act of 2008 

**HIPAA** 
Health Insurance Portability and Accountability Act 

**IR** 
Internal Report 

**IRB** 
Institutional Review Board 

**LIMS** 
Laboratory Information Management System 

**LINDDUN** 
Linking, Identifying, Detecting, Data Disclosure, Unawareness and Unintervenability, and Non-compliance privacy threat types 

**MO** 
Mission Objective 

**NCCoE** 
National Cybersecurity Center of Excellence 

**NIH** 
National Institutes of Health 

**NIST**  
National Institute of Standards and Technology 

**OSS** 
Open-Source Software 

**PANOPTIC** 
Pattern and Action Nomenclature Of Privacy Threats In Context 

**PEO** 
Privacy Engineering Objective 

**PET** 
Privacy-Enhancing Technology 

**PF** 
NIST Privacy Framework 

**PRAM** 
Privacy Risk Assessment Methodology 

**SP** 
NIST Special Publication 

**STRIDE** 
Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege cybersecurity threat types 

**SQL** 
Structured Query Language 

**TRF** 
Test Request Form