An A-Z list of common cybersecurity standards, acronyms, and abbreviations for industry legal bodies
As a cybersecurity writer, I have the unique opportunity to be at the crossroads where marketing and cybersecurity intersect. This convergence of disciplines creates the perfect breeding ground for the proliferation of acronyms, especially when combined with cybersecurity standards and legislation. During my content creation journey in cybersecurity, I have, as a result, found it necessary to create a comprehensive catalog of cybersecurity acronyms and abbreviations – to understand the difference between the likes of ISA-99 and PCI DSS 4, and where the TrueFort Platform fits into the legislative security landscape.
This (hopefully) valuable resource covers a wide range of industry standards, general cybersecurity terms, job roles, and positions. I hope this collected list is helpful to someone out there – it certainly has, on occasion, been useful to me and my colleagues in marketing. I will try to include relevant citations and official resources wherever possible to provide further credibility, and this ‘catalog’ is currently divided into three categories, each deserving of a dedicated blog post in an attempt to make this more readable. Please explore the other posts to understand the relevant terms for:
For quick reference within your browser on each page, I recommend Control+F (PC)/Command+F (Mac) to search through the lists quickly.
Legal body abbreviations and cybersecurity standards
- CCPA (California Consumer Privacy Act) – A California state law that provides residents with specific data privacy rights and requires businesses to disclose what personal information they collect, use, and share.
- CERT (Computer Emergency Response Team) – A group of information security professionals responsible for coordinating responses to cybersecurity incidents and providing guidance on preventing future incidents.
- CFAA (Computer Fraud and Abuse Act) – A US law that criminalizes unauthorized access to computer systems and networks.
- CIS (Center for Internet Security) – A non-profit organization that provides cybersecurity solutions, including the CIS Critical Security Controls, a prioritized set of actions to improve security.
- CMMC (Cybersecurity Maturity Model Certification) – A certification program for organizations in the US Department of Defense (DoD) supply chain to ensure that they meet specific cybersecurity requirements.
- COBIT (Control Objectives for Information and Related Technologies) – A framework for IT governance and management that provides a set of best practices for organizations to achieve their IT objectives.
- CSA (Cloud Security Alliance) – A non-profit organization that promotes best practices for providing security assurance within cloud computing.
- IAPP (International Association of Privacy Professionals) – A global community of privacy professionals that provides education, certification, and resources for data protection.
- CVE (Common Vulnerabilities and Exposures) – A publicly accessible database of known cybersecurity vulnerabilities, often used to identify and address security risks in IoT devices and systems.
- DFARS (Defense Federal Acquisition Regulation Supplement) – A set of regulations that governs the acquisition of products and services by the US Department of Defense, including specific requirements for cybersecurity and data protection.
- FCC (Federal Communications Commission) – A US government agency responsible for regulating interstate and international communications, including the allocation of radio frequency spectrum used by IoT devices.
- FISMA (Federal Information Security Management Act) – A US law that requires federal agencies to develop, document, and implement an information security program to protect their systems and data.
- GDPR (General Data Protection Regulation) – A comprehensive data privacy regulation enacted by the European Union (EU) that provides guidelines for the handling of personal data of EU citizens.
- GLBA (Gramm-Leach-Bliley Act) – A US law that requires financial institutions to protect the privacy and security of customer information.
- HIPAA (Health Insurance Portability and Accountability Act) – A US law that regulates the privacy and security of health information.
- IETF (Internet Engineering Task Force) – An international organization that develops and promotes voluntary Internet standards, including those related to IoT technologies.
- ISA (International Society of Automation) – A non-profit organization that develops standards, certifies industry professionals, and provides education and training in the fields of automation and control.
- ISA-99/IEC 62443 – A series of standards developed by the International Society of Automation and the International Electrotechnical Commission for industrial automation and control system security.
- ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission 27001) – A global standard for information security management systems (ISMS) that outlines best practices for managing and protecting sensitive data.
- ITU (International Telecommunication Union) – A specialized agency of the United Nations that develops international standards and regulations for information and communication technologies, including IoT.
- NB-IoT (Narrowband Internet of Things) – A low-power, wide-area network (LPWAN) technology that allows IoT devices to communicate over long distances with minimal power consumption, often used for remote monitoring and asset tracking.
- NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) – A set of standards designed to protect the critical infrastructure of the bulk electric system in North America from cybersecurity threats.
- NIS2 (Network and Information Security Directive 2) – A European Union (EU) directive that standardizes and promotes common security requirements for network and information systems across Europe.
- NIST (National Institute of Standards and Technology) – A US agency that promotes innovation and industrial competitiveness by developing standards, guidelines, and best practices for various industries, including cybersecurity.
- NISTIR 8228 (NIST Interagency Report 8228) – A report by the National Institute of Standards and Technology providing guidance on securing IoT devices and networks.
- oneM2M – A global standardization initiative that aims to develop a common, interoperable framework for machine-to-machine (M2M) and IoT applications.
- OWASP (Open Web Application Security Project) – A non-profit organization focused on improving the security of software by providing tools, resources, and best practices for developers and security professionals.
- PCI DSS (Payment Card Industry Data Security Standard) – A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
- RoT (Root of Trust) – A trusted, secure foundation for an IoT device’s hardware and software, ensuring the integrity and authenticity of the device’s operations.
- SANS (SysAdmin, Audit, Network, and Security) Institute – A research and education organization that provides training and certification for cybersecurity professionals.
- SCADA (Supervisory Control and Data Acquisition) – A system for controlling and monitoring industrial processes.
- SDO (Standards Development Organization) – An organization that develops, promotes, and maintains technical standards, including those related to IoT technologies and their implementation.
- SOX (Sarbanes-Oxley Act) – A US law that sets requirements for corporate financial reporting and establishes governance and auditing standards for publicly traded companies.
- TIA (Telecommunications Industry Association) – A global trade association that represents manufacturers and suppliers of information and communications technology, including IoT devices and infrastructure.
- Zigbee – A wireless communication standard based on the IEEE 802.15.4 protocol, designed for use in low-power, low-data-rate IoT applications, such as home automation and smart energy management.
As industry standards constantly evolve, with new guidelines and industry cybersecurity revisions appearing almost weekly, I will make every effort to ensure the list and associated links remain current. However, please note that I can only speak for the accuracy of this list at the time of the original publication.
The list is organized into three distinct categories, each covered in a separate blog post: one on general industry terms and abbreviations, this post on legal body abbreviations and cybersecurity standards, and a further post on cybersecurity job role acronyms and IT security positions.
While this compilation is far from exhaustive, I do sincerely hope it proves valuable to our readers, and please feel free to contact me if you see any glaring omissions I should be aware of.