Appendix A — Acronyms (Informative)
The following acronyms and abbreviations are used in this Standard.
| Acronym | Definition |
|---|---|
| APP | Authorization and Policy Plane |
| BYOK | Bring Your Own Key (Industry term; see Section 6.5.2 for ZKS distinction) |
| BYOS | Bring Your Own Storage |
| CSD | Client Sovereignty Domain |
| CSS | Ciphertext Storage Substrate |
| DKE | Double Key Encryption |
| HSM | Hardware Security Module |
| HYOK | Hold Your Own Key |
| IRM | Identity and Recovery Mechanisms |
| KCS | Key Custody Service |
| KEK | Key Encryption Key |
| KMS | Key Management Service |
| OOB | Out-of-Band |
| OP | Orchestration Plane |
| PQC | Post-Quantum Cryptography |
| SBOM | Software Bill of Materials |
| SDO | Sovereignty Domain Owner |
| TEE | Trusted Execution Environment |
| UKRS | User-Controlled Key Recovery Service |
| ZKS | Zero-Knowledge Sovereignty |
| ZTA | Zero Trust Architecture (referring specifically to NIST SP 800-207) |