ASD's Blueprint for Secure Cloud




AACA: ASD Approved Cryptographic Algorithm
ABAC: As Built As Configured
ACL: Access Control List
ACSC: Australian Cyber Security Centre
AD: Active Directory
ADFS: Active Directory Federation Services
ADMX: Administrative Template XML Based
AES: Advanced Encryption Standard
AGSVA: Australian Government Security Vetting Agency
AIP: Azure Information Protection
API: Application Programming Interface
APP ID: Application Identifier
ARM: Azure Resource Manager
ASD: Australian Signals Directorate
ASR: Attack Surface Reduction
ATP: Advanced Threat Protection
AUPDNS: Australian Protective Domain Name Service
Autodiscover for Exchange: The Exchange Autodiscover service provides an easy way for client applications to configure themselves with minimal user input
Autorun: Autorun shows which programs are configured to run during system bootup or login and when users start various built-in Windows applications like Internet Explorer, Explorer and media players
AWS: Amazon Web Services


BAU: Business as Usual
BIOS: Basic Input Output System
Bitlocker: BitLocker is a Windows encryption technology that protects data from unauthorized access by encrypting a drive and requiring one or more factors of authentication before it will unlock
BYOD: Bring Your Own Device


CAS: Client Access Services
CASB: Cloud Access Security Broker
CEF: Common Event Format
CIEM: Cloud Infrastructure Entitlements Management
CISO: Chief Information Security Officer
Checkm8: Checkm8 is a jailbreak exploit for iOS devices.
CNAME: Canonical Name
CPU: Central Processing Unit
CRM: Customer Relationship Management
CSM: Compatibility Support Module
CSV: Comma Separated Values


Dataverse: Microsoft Dataverse is a secure and scalable low-code data platform.
DEM: Device Enrolment Manager
DEP: Device Enrolment Program
DLP: Data Loss Prevention
DKIM: Domain Key Identified Mail
DMA: Direct Memory Access
DMARC: Domain-based Message Authentication, Reporting and Conformance
DNS: Domain Name System
DTA: Digital Transformation Agency


EDR: Endpoint Detection and Response
ELAM: Early Launch Anti-Malware
EMET: Enhanced Mitigation Experience Toolkit
EMS: Enterprise Mobility and Security
Entra: Microsoft’s identity and network access management solution
Entra ID: Entra Identification; formerly known as Azure Active Directory
ETW: Event Tracing for Windows
EXODS: Exchange Online Directory Services


FIDO: FIDO Authentication, developed by the FIDO Alliance, is a global authentication standard based on public key cryptography
FIPS: Federal Information Processing Standard is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information
FSLogix: FSLogix is a profile management solution used to apply personalisation to user sessions for application and desktop virtualisation technologies such as Citrix and Microsoft Azure AVD (Azure Virtual Desktop) and enable “roaming profiles”
FQDN: Fully Qualified Domain Name
FTP: File Transfer Protocol


GAL: Global Address List
GCP: Google Cloud Platform
GDPR: General Data Protection Regulation
GIF: Graphics Interchange Format
GIPHY: An online database and search engine that enables users to search for and share animated GIF files
GMT: Greenwich Mean Time
GPO: Group Policy Object


HDD: Hard Disk Drive
HIPS: Host-based Intrusion Protection System
HMAC: Hash-based Message Authentication Code
HSTI: Hardware Security Testability Specification; protects against misconfiguration of security features on Windows devices
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure


IAM: Identity Access Management
ICAP: Internet Content Adaption Protocol
ICT: Information and Communications Technology
IIS: Internet Information Services
IM: Instant Messaging
IMAP: Internet Message Access Protocol
InfoSec: Information Security
Intune: Microsoft Intune is a cloud-based endpoint management solution
IPMI: Intelligent Platform Module Interface
IRAP: InfoSec Registered Assessors Program
ISM: Information Security Manual
ISO: International Standards Organisation
ITSA: Information Technology Security Advisor


JIT: Just in Time
JPEG: Joint Photographic Experts Group


Keychain: Apple’s password and account management solution
KMS: Key Management Services


LAN: Local Area Network
LAPS: Local Administrator Password Solution
LDAP: Lightweight Directory Access Protocol
LOB: Line Of Business
Lockbox: Customer Lockbox is a means to ensure Microsoft is restricted from accessing an organisation’s content without explicit approval from an authorised organisation representative
LSA: Local Security Authority
LTSC: Long-Term Servicing Channel
Lync: Microsoft Lync is an instant messaging (IM), audio and video call solution


MAK: Multiple Activation Key
MAM: Mobile Application Management
MCAS: Microsoft Cloud App Security
MDM: Mobile Device Management
MDVM: Microsoft Defender Vulnerability Management
MECM: Microsoft Endpoint Configuration Manager
MEM: Microsoft Endpoint Manager
MFA: Multi-Factor Authentication
MIM: Microsoft Identity Manager
MPIP: Microsoft Purview Information Protection
MPIM: Microsoft Privileged Identity Management
MSDT: Microsoft Support Diagnostic Tool
MS-DRS: Microsoft Directory Replication Service
MSIX: MSIX is a Windows app package format that provides a modern packaging experience to all Windows apps


NCCE: Non-Corporate Commonwealth Entity
NNR: Network Name Resolution
NTLM: New Technology LAN Manager


OAB: Offline Address Book
OATH: Open Authentication
OAUTH: Open Authentication
OEM: Original Equipment Manufacturer
OSPF: Open Shortest Path First
OTP: One-Time Password
OWA: Outlook on the Web


Passwordless: Passwordless authentication is a means to verify a user’s identity, without using a password
PDF: Portable Document Format
PEM: Privacy Enhanced Mail
PHS: Password Hash Synchronisation
PII: Personally Identifiable Information
PIM: Privileged Identity Management
PIN: Personal Identification Number
PNG: Portable Network Graphics
POP: Post Office Protocol
PSPF: Protective Security Policy Framework
PST: Personal Storage Table
PSTN: Public Switch Telephone Network
PTA: Pass-Through Authentication




RAM: Random Access Memory
RBAC: Role Based Access Control
RDP: Remote Desktop Protocol
REST: Representational State Transfer
RFC: Request for Comment
RHEL: Red Hat Enterprise Linux
RPO: Recovery Point Objective
RTO: Recovery Time Objective


SAN: Subject Alternate Name
SAW: Secure Admin Workstation
SCCM: Microsoft System Center Configuration Manager
SCIM: System for Cross-domain Identity Management
SEM: Security Event Management
SEHOP: Structured Exception Handling Overwrite Protection
SIEM: Security Information and Event Management
SIG: Secure Internet Gateway
SIM: Security Information Management
SLA: Service Level Agreement
SLAT: Second Level Address Translation
Smartcard: A smart card is a physical card that has an embedded integrated chip that acts as a security token
SMB: Server Message Block
SMS: Short Message Service
SMTP: Simple Mail Transport Protocol
SOAP: Simple Object Access Protocol
SOE: Standard Operating Environment
SPAM: Unsolicited Email
SPODS: SharePoint Online Directory Services
SPF: Sender Policy Framework
SQL: Structured Query Language
SRMP: Security Risk Management Plan
SRTP: Secure Real Time Protocol
SSL: Secure Socket Layer
SSO: Single Sign On
SSPR: Self-Service Password Reset
SVG: Scalable Vector Graphics
SWIFT: Society for Worldwide Interbank Financial Telecommunication


TCP: Transmission Control Protocol
TLS: Transport Layer Security
TOTP: Time-based One-Time Password
TPM: Trusted Platform Module


UAC: User Access Control
UDP: User Datagram Protocol
UEBA: User Entity Behavioural Analytics
UEFI: Unified Extensible Firmware Interface
UPN: User Principal Name
URL: Uniform Resource Locator
UWP: Universal Windows Platform


VBA: Visual Basic for Application
VDI: Virtual Desktop Infrastructure
VIP: Virtual IP address
VPN: Virtual Private Network
VSM: Virtual Secure Module


WDAC: Windows Defender Application Control
WDDM: Windows Display Driver Model
WIP: Windows Information Protection
WPAD: Web Proxy Auto-Discovery Protocol
WSUS: Windows Server Update Services


XML: Extensible Markup Language
XPS: XML Paper Specification







Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra