| Acronym | Phrase | Definition |
|---|---|---|
| SAML | Security Assertion Markup Language | Works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes, between the identity provider and the service provider. As a result, it simplifies and secures the authentication process: the user only needs to log in once with a single set of authentication credentials. |
| SDLC | Software Development Life Cycle | A structured process that enables the production of high-quality, low-cost software in the shortest possible production time. The goal of the SDLC is to produce superior software that meets and exceeds all customer expectations and demands. |
| SIEM | Security Information and Event Management | Technology that supports threat detection, compliance, and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources. |
| SIG | Standardized Information Gathering (Questionnaire) | A repository of third-party information security and privacy questions, indexed to multiple regulations and control frameworks. |
| SLA | Service-Level Agreement | Sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems, and the metrics by which the effectiveness of the process is monitored and approved. |
| SOC 1 | System and Organization Controls | A SOC 1 report is for organizations whose internal security controls can impact a customer's financial statements, such as payroll, claims, or payment processing companies. SOC 1 reports can assure customers that their financial information is being handled securely. |
| SOC 2 | System and Organization Controls | A SOC 2 report evaluates an organization's controls against a security framework that specifies how organizations should safeguard customer data. The American Institute of CPAs (AICPA) developed SOC 2 around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. |
| SOC 3 | System and Organization Controls | A SOC 3 report is a public report of internal controls over security, availability, processing integrity, and confidentiality. This report is less detailed than SOC 2. |
| SQL | Structured Query Language | A standardized programming language that is used to manage relational databases and perform various operations on the data in them. |
| SSO | Single Sign-On | An authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. |
| TISAX | Trusted Information Security Assessment Exchange | An information exchange that was founded by the German Association of the Automotive Industry. Vendors who wish to work with TISAX members are usually required to share their existing assessment or complete a new assessment as part of the due diligence process. |
| TLS | Transport Layer Security | TLS is the successor to Secure Sockets Layer (SSL): a cryptographic protocol used to encrypt data in transit over a computer network. |
| VPN | Virtual Private Network | A service that establishes a secure, encrypted connection while using a public network. |
| VSA | The Vendor Security Alliance | A coalition of companies committed to improving Internet security. |
| VSA Core | The Vendor Security Alliance Core | This questionnaire, first available on October 24th, 2019, comprises the most critical questions on vendor security as well as privacy. The privacy section covers both US privacy (data breach notification requirements plus the new California data privacy law, the CCPA) and EU privacy (the General Data Protection Regulation, GDPR). |
| WAF | Web Application Firewall | Protects web applications from a variety of application-layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. |
| XSS | Cross-Site Scripting | An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. |