System and network security abbreviations

The US National Institute of Standards and Technology (NIST) recently published System and Network Security Acronyms and Abbreviations (PDF; NIST Interagency Report 7581, September 2009), in the hope of bringing ‘some order to the sometimes inconsistent and often confusing world of IT (information technology) acronyms and abbreviations by publishing a glossary of commonly used terms.’ (http://gcn.com/articles/2009/10/05/nist-glossary-acronyms-abbreviations.aspx).

While this is a great list, the description of the conventions used may be helpful to anyone else who has to develop a list of acronyms and abbreviations:

In the latest report, NIST adopted a set of conventions for acronyms and abbreviations and their definitions.

• Abbreviations and acronyms generally appear in all capital letters, though there are exceptions — for example, meter (m) and decibels referenced to 1 milliwatt (dBm).
• Technical terms are not capitalized unless they are proper nouns, which include the names of people, places and groups, and the formal titles of protocols, standards and algorithms. For example, certification and accreditation (C&A) is not capitalized, but Advanced Encryption Standard (AES) is.
• Collective nouns are not capitalized — for example, wide-area network (WAN).
• When two or more definitions of the same acronym or abbreviation are given, the acronym or abbreviation is italicized and repeated for each definition.

[Links last checked November 2009]