Acronym Listing

Does Ohio State's growing list of acronyms have you wondering what everyone is talking about? Let us assist.

AcronymTermWhat is it?
AWGAssessment Working GroupOhio State Security Group; a sub-working group of the Information Security Advisory Board (SAB), assists in accessing and making recommendations about third party and/or vendor information systems and technology used cross-unit or university-wide.
COPPAChildren’s Online Privacy Protection Rule Federal Rule; imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. 
CUIControl of Unclassified InformationFederal Requirement; intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations, applies to all components of nonfederal information systems and organizations that process, store, transmit, or provide security protection for such components. 
FCRAFair Credit Reporting ActFederal Law; adds provisions designed to improve the accuracy of consumers' credit-related records, prevent and mitigate identity theft, and enable consumers to place fraud alerts in their credit files.
FERPAFamily Educational Rights and Privacy Act Federal Law; was enacted to protect the privacy of students' education records, sets strict instructions and limitations governing the release of information about students.
FISMAFederal Information Security Modernization ActFederal Law; defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
FTCFederal Trade Commission ActFederal Law; established Federal Trade Commission, empowered to prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce, among other things.
GLBAGramm-Leach-Bliley ActFederal Law; requires financial institutions, companies that offer consumers financial products or services like loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data.
HIPAAHealth Insurance Portability and Accountability ActFederal Law; to establish and protect patient rights. HIPAA governs standards of protection of individually identifiable health information, otherwise known as protected health information (PHI).
IDCCInstitutional Data Classification CommitteeOhio State Committee; serves as the governance committee for institutional data classification.
IDPInstitutional Data PolicyPolicy; outlines requirements for the protecting institutional data in accordance with legal, regulatory, administrative and contractual requirements; intellectual property and ethical considerations; strategic or proprietary value; and/or operational use.
IRMFInformation Risk Management Framework Framework; cross-references or “maps” the security controls of Ohio State’s Information Security Standard (ISS) and Information Security Control Requirements (ISCR) to other security standards and regulations.
IRSInformation Risk SurveySurvey; gathers data in an an ongoing university-wide effort to measure Ohio State’s level of information risk, determine if the university's information security efforts are sufficient, and determine where improvements are possible.
ISCRInformation Security Control RequirementsRequirements; provide detailed implementation guidance for each security control specified in the Information Security Standard (ISS). These control requirements apply to all university information systems and assets under the university’s control and to the people who access these systems.
ISSInformation Security StandardStandard; defines 30 risk areas for the university. Each risk area includes a security objective, as well as a list of security controls to be used to meet the stated objective.
ISSAInformation Security Self-Assessment Assessment; provides an in-depth assessment of both the level of compliance with Ohio State’s Information Security Standards and the level of effectiveness of the security controls that organizations have implemented. 
ITARInternational Traffic in Arms Regulation Federal Regulations; governs all military, weapons, and space-related items and services as enumerated on the U.S. Munitions List.
 
PCI

Payment Card Compliance Policy

Industry Requirements; established to protect cardholder data, apply to any person or unit that stores, processes or transmits cardholder data.
RSTGResearch Security Standards Technical Working GroupOhio State Group; a sub-working group of the Information Security Advisory Board (SAB)identifies and recommend processes, technology, and controls that can be implemented for research systems in order for the university to fulfill and maintain its compliance obligations to data security standards and regulations.
RSWGResearch Security Working GroupOhio State Group; a sub-working group of the Information Security Advisory Board (SAB)evaluates and makes recommendations regarding securing research activities according to law, contract requirements, and acceptable practice to the SAB.
SABSecurity Advisory BoardOhio State Advisory Board; ensures effective oversight of the university's information and technology risk management and compliance practices.