CompTIA Security+ Acronyms: Complete 2026 Study List
CompTIA Security+ has the longest acronym list of any CompTIA certification — over 300 entries. The current exam added dozens of new cloud security and zero-trust acronyms. This guide organizes every essential acronym by domain, explains each technology's role in cybersecurity, and provides strategies to memorize them efficiently.
Core Security Concepts (Domain 1 — 12% Weight)
These foundational acronyms appear throughout the exam. Understanding CIA, AAA, and basic security control types is essential for every domain.
CIA — Confidentiality, Integrity, Availability
AAA — Authentication, Authorization, Accounting
DAD — Disclosure, Alteration, Destruction
RBAC — Role-Based Access Control
ABAC — Attribute-Based Access Control
MAC — Mandatory Access Control
DAC — Discretionary Access Control
ZTA — Zero Trust Architecture
Cryptography Acronyms
Cryptography is one of the most technical domains on Security+. You need to know not just what each algorithm does, but whether it's symmetric, asymmetric, or hashing — and appropriate key sizes.
This is the highest-weighted domain. Understanding the differences between these overlapping security tools is critical — the exam specifically tests your ability to choose the right tool for each scenario.
SIEM — Security Info & Event Management
SOAR — Security Orchestration & Response
EDR — Endpoint Detection & Response
XDR — Extended Detection & Response
MDR — Managed Detection & Response
IDS — Intrusion Detection System
IPS — Intrusion Prevention System
WAF — Web Application Firewall
NGFW — Next-Generation Firewall
DLP — Data Loss Prevention
NAC — Network Access Control
MDM — Mobile Device Management
Authentication & Identity Acronyms
MFA — Multi-Factor Authentication
SSO — Single Sign-On
LDAP — Lightweight Directory Access Protocol
RADIUS — Remote Auth Dial-In User Service
TACACS+ — Terminal Access Controller
SAML — Security Assertion Markup Language
OAuth — Open Authorization
OIDC — OpenID Connect
PAM — Privileged Access Management
IAM — Identity & Access Management
Cloud Security Acronyms (New on Current Exam)
The current Security+ exam added significant cloud security content. These acronyms are tested more heavily than in previous versions and represent modern enterprise security architecture.
Prioritize by exam weight: Domain 4 (Security Operations, 28%) has the most acronyms. Master SIEM, SOAR, EDR, XDR, IDS, IPS, DLP, and NAC first. Domain 1 (General Concepts, 12%) has fewer but foundational acronyms — learn CIA, AAA, and access control models early.
Create comparison groups: The exam tests your ability to distinguish similar tools. Build comparison cards: SIEM vs SOAR (logging vs automation), IDS vs IPS (detect vs prevent), EDR vs XDR (endpoint vs extended), RADIUS vs TACACS+ (standards-based vs Cisco). These distinctions are gold on exam day.
Learn the "new" acronyms separately: The current exam added cloud security acronyms (CASB, CSPM, CWPP, SASE, ZTNA) that weren't on previous versions. These are heavily tested because CompTIA wants to validate awareness of modern security architecture.
Connect acronyms to scenarios: Instead of isolated flashcards, create scenario chains: "Detect with SIEM → Alert via SOAR → Investigate with EDR → Respond with XDR → Report for GRC." This mirrors how the exam tests these concepts.
Test Your Security+ Acronym Knowledge
Our practice tests use these acronyms in exam-realistic scenarios — PBQs, drag-and-drop, and multiple-choice just like the real Security+ exam.
The official Security+ acronym list contains 300+ security-related acronyms — the most of any CompTIA certification. However, the exam heavily tests approximately 120-150 core acronyms. Focus on security tools (SIEM, SOAR, EDR, XDR), cryptography (AES, RSA, PKI, TLS), and access control (MFA, SSO, LDAP, RADIUS) first.
What Security+ acronyms are most commonly tested?
The most frequently tested include CIA (triad), AAA, SIEM, SOAR, EDR, XDR, IDS/IPS, WAF, DLP, PKI, AES, RSA, MFA, SSO, RADIUS, TACACS+, LDAP, SAML, and OAuth. Newer acronyms like CASB, ZTNA, CSPM, and CWPP appear more frequently on the current exam than in previous versions.
What's the difference between SIEM, SOAR, EDR, and XDR?
SIEM collects and correlates log data for threat detection. SOAR automates incident response workflows. EDR monitors individual endpoints for threats. XDR integrates data across endpoints, networks, and cloud for holistic threat detection. The exam tests which tool to use in specific scenarios.
Do I need to know cryptographic algorithm details?
You need to know key characteristics: AES is symmetric (128/192/256-bit), RSA is asymmetric, SHA is hashing (not encryption), and Diffie-Hellman is key exchange. Know which are symmetric vs asymmetric, appropriate key sizes, and when to use each. You don't need to understand the mathematical operations behind them.
How do Security+ acronyms differ from Network+ acronyms?
Security+ shares some Network+ acronyms (IDS, IPS, VPN, TLS) but adds extensive security-specific ones: SIEM, SOAR, EDR, DLP, CASB, GRC, and many more. Security+ also goes deeper into cryptographic acronyms (PKI, CA, CRL, OCSP) and compliance frameworks (NIST, ISO 27001, GDPR, HIPAA).
Are there new acronyms on the current exam compared to previous versions?
Yes, the current exam added several modern security acronyms: ZTNA (Zero Trust Network Access), CASB (Cloud Access Security Broker), CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform), SASE (Secure Access Service Edge), and MDR (Managed Detection and Response). These reflect the industry shift toward cloud and zero-trust security models.