List of Acronyms and Abbreviations

AA: Architecture Assessment (SAMM Practice)
ADFS: Active Directory Federation Services
ASVS: OWASP Application Security Verification Standard
AV: Anti-Virus
BOM: Bill of Materials
CPE: Common Platform Enumeration
CVE: Common Vulnerabilities and Exposures
CVSS: Common Vulnerability Scoring System
CWE: Common Weakness Enumeration
DAST: Dynamic Application Security Testing
DDoS: Distributed Denial of Service
DM: Defect Management (SAMM Practice)
DOD: Definition of Done
DOR: Definition of Ready
DoS: Denial of Service
EM: Environment Management (SAMM Practice)
EG: Education and Guidance (SAMM Practice)
ESB: Enterprise Service Bus
GDPR: General Data Protection Regulation (European Union law)
HSM: Hardware Security Module
IAM: Identity and Access Management
IAST: Interactive Application Security Testing
IDE: Integrated Development Environment
IM: Incident Management (SAMM Practice)
KPI: Key Performance Indicator
LDAP: Lightweight Directory Access Protocol
NIST: National Institute of Standards and Technology (US Agency)
NVD: National Vulnerability Database (US)
OM: Operational Management (SAMM Practice)
OS: Operating System
OWASP: Open Web Application Security Project
PC: Policy and Compliance (SAMM Practice)
QA: Quality Assurance
RASP: Runtime Application Self-Protection
RCA: Root Cause Analysis
RDT: Requirements-Driven Testing (SAMM Practice)
REST: REpresentational State Transfer
SA: Security Architecture (SAMM Practice)
SAMM: Software Assurance Maturity Model
SAST: Static Application Security Testing
SB: Secure Build (SAMM Practice)
SD: Secure Deployment (SAMM Practice)
SDLC: Software Development Life Cycle
SLA: Service Level Agreement
SM: Strategy and Metrics (SAMM Practice)
SMART: Specific, Measurable, Actionable, Relevant, and Time-bound
SOAP: Simple Object Access Protocol
SR: Security Requirements (SAMM Practice)
SSO: Single Sign-On
ST: Security Testing (SAMM Practice)
STRIDE: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege
SWIFT: Society for Worldwide Interbank Financial Telecommunication
TA: Threat Assessment (SAMM Practice)
TLS: Transport Layer Security
TPM: Trusted Platform Module
UAT: User Acceptance Test
VA: Vulnerability Analysis
WAF: Web Application Firewall
ZAP: OWASP Zed Attack Proxy