Source of Reference: The official CMMC Glossary from the Office of the Under Secretary of Defense Acquisition & Sustainment.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
A
| AA |
Audit and Accountability
|
| ABAC |
Attribute-Based Access Control
|
| AC |
Access Control
|
| ACSC |
Australian Cyber Security Centre
|
| AES |
Advanced Encryption Standard
|
| AIA |
Aerospace Industries Association
|
| AM |
Asset Management
|
| API |
Application Programming Interface
|
| APT |
Advanced Persistent Threat
|
| AT |
Awareness and Training
|
| AU |
Audit and Accountability
|
B
| BYOD |
Bring Your Own Device
|
C
| C2M2 |
Cybersecurity Capability Maturity Model
|
| C3PAO |
CMMC Third-Party Assessment Organization
|
| CA |
Security Assessment
|
| CD-ROM |
Compact Disc Read-Only Memory
|
| CDI |
Covered Defense Information
|
| CEA |
Council of Economic Advisers
|
| CERT |
Computer Emergency Response Team
|
| CERT RMM |
CERT® Resilience Management Model
|
| CFR |
Code of Federal Regulations
|
| CI |
Configuration Item
|
| CIO |
Chief Information Officer
|
| CIS |
Computer Information System
|
| CIS |
Center for Internet Security
|
| CISA |
Cybersecurity and Infrastructure Security Agency
|
| CM |
Configuration Management
|
| CMMC |
Cybersecurity Maturity Model Certification
|
| CNSSD |
Committee on National Security Systems Directive
|
| CNSSI |
Committee on National Security Systems Instructions
|
| COMSEC |
Communications Security
|
| CPI |
Critical Program Information
|
| CSF |
Cybersecurity Framework
|
| CSIS |
Center for Strategic and International Studies
|
| CSP |
Credential Service Provider
|
| CTI |
Controlled Technical Information
|
| CUI |
Controlled Unclassified Information
|
| CVE |
Common Vulnerabilities and Exposures
|
| CVMP |
Cryptographic Module Validation Program
|
| CWE |
Common Weakness Enumeration
|
D
| D/A |
Department/Agency
|
| DCISE |
DIB Collaborative Information Sharing Environment
|
| DCS |
Distributed Control System
|
| DD |
Represents any two-character CMMC Domain acronym
|
| DFARS |
Defense Federal Acquisition Regulation Supplement
|
| DHC |
Device Health Check
|
| DIB |
Defense Industrial Base
|
| DKIM |
Domain Key Identified Mail
|
| DMARC |
Domain-based Message Authentication, Reporting, and Conformance
|
| DMZ |
Demilitarized Zone
|
| DNS |
Domain Name System
|
| DNSSEC |
Domain Name System Security
|
| DoD |
Department of Defense
|
| DoDI |
Department of Defense Instruction
|
| DPCI |
Derived PIV Credential Issuers
|
| DVD |
Digital Versatile Disc
|
E
| E.O. |
Executive Order
|
| eSATA |
External Serial Advanced Technology Attachment
|
| ESP |
External Service Provider
|
F
| FAQ |
Frequently Asked Question
|
| FAR |
Federal Acquisition Regulation
|
| FBI |
Federal Bureau of Investigation
|
| FCI |
Federal Contract Information
|
| FDDI |
Fiber Distributed Data Interface
|
| FDE |
Full Disk Encryption
|
| FedRAMP |
Federal Risk and Authorization Management Program
|
| FFRDC |
Federally Funded Research and Development Center
|
| FIPS |
Federal Information Processing Standard
|
| FTP |
File Transfer Protocol
|
G
| GDPR |
General Data Protection Regulation
|
H
| HIPAA |
Health Insurance Portability and Accountability Act
|
| HSPD |
Homeland Security Presidential Directive
|
| HTTP |
Hypertext Transfer Protocol
|
| HTTPS |
Hypertext Transfer Protocol Secure
|
| HVA |
High-Value Asset
|
I
| IA |
Information Assurance
|
| IA |
Identification and Authentication
|
| IBAC |
Identity-Based Access Control
|
| IC3 |
Internet Crime Complaint Center
|
| ICAM |
Identity, Credential, and Access Management
|
| ICS |
Industrial Control System
|
| ID |
Identification
|
| IDA |
Identification and Authentication
|
| IDPS |
Intrusion Detection and Prevention Systems
|
| IEC |
International Electrotechnical Commission
|
| IETF |
Internet Engineering Task Force
|
| IIoT |
Industrial Internet of Things
|
| IoT |
Internet of Things
|
| IP |
Internet Protocol
|
| IPSec |
Internet Protocol Security
|
| IR |
Incident Response
|
| IS |
Information System
|
| ISAC |
Information Sharing and Analysis Center
|
| ISAO |
Information Sharing and Analysis Organization
|
| ISCM |
Information Security Continuous Monitoring
|
| ISDN |
Integrated Services Digital Network
|
| ISO |
International Organization for Standardization
|
| IT |
Information Technology
|
| ITIL |
Information Technology Infrastructure Library
|
L
| L# |
Level Number
|
| LAN |
Local Area Network
|
| LSI |
Large-Scale Integration
|
M
| MA |
Maintenance
|
| MAC |
Media Access Control
|
| MC |
Maturity Capability
|
| MC## |
Maturity Capability Number
|
| MDM |
Mobile Device Management
|
| MEP |
Manufacturing Extension Partnership
|
| MFA |
Multifactor Authentication
|
| ML |
Maturity Level
|
| ML# |
Maturity Level Number
|
| MMC |
Multimedia Card
|
| MP |
Media Protection
|
| N/A |
Not Applicable (NA)
|
| NARA |
National Archives and Records Administration
|
| NAS |
Networked Attached Storage
|
| NAS |
National Aerospace Standard
|
| NCSC |
National Cyber Security Centre
|
| NIST |
National Institute of Standards and Technology
|
| NISTIR |
NIST Interagency (or Internal) Report
|
| NPE |
Non-Person Entity
|
| NSA |
National Security Agency
|
| NSA/CSS |
NSA Central Security Service
|
| NSPD |
National Security Presidential Directive
|
| NSTISSD |
National Security Telecommunications and Information Systems Security Directive
|
| NTP |
Network Time Protocol
|
| NYSSCPA |
New York State Society of CPAs
|
O
| OMB |
Office of Management and Budget
|
| OS |
Operating System
|
| OSC |
Organization Seeking Certification
|
| OT |
Operational Technology
|
| OUSD A&S |
Office of the Under Secretary of Defense for Acquisition and Sustainment
|
P
| PCI |
Personal Identity Verification Card Issuers
|
| PDA |
Personal Digital Assistant
|
| PE |
Physical Protection
|
| PGP |
Pretty Good Privacy
|
| PII |
Personally Identifiable Information
|
| PIV |
Personal Identify Verification
|
| PKI |
Public Key Infrastructure
|
| PLC |
Programmable Logic Controller
|
| POC |
Point of Contact
|
| POTS |
Plain Old Telephone Service
|
| PP |
Physical Protection
|
| PPD |
Presidential Policy Directive
|
| PS |
Personnel Security
|
| PUB |
Publication
|
R
| RADIUS |
Remote Authentication Dial-in User Service
|
| RE |
Recovery
|
| Rev |
Revision
|
| RF |
Radio Frequency
|
| RFC |
Request for Comments
|
| RM |
Risk Management
|
| RMM |
Resilience Management Model
|
| RMM |
Risk Management Model
|
| RPO |
Recovery Point Objectives
|
| RTO |
Recovery Time Objectives
|
S
| SA |
Situational Awareness
|
| SaaS |
Software as a Service
|
| SAS |
Security Assessment
|
| SC |
System and Communications Protection
|
| SCADA |
Supervisory Control and Data Acquisition
|
| SCRM |
Supply Chain Risk Management
|
| SHA |
Security Hash Algorithm
|
| SI |
System and Information Integrity
|
| SIEM |
Security Integration and Event Management
|
| SMS |
Short Message Service
|
| SOC |
Security Operations Center
|
| SP |
Special Publication
|
| SPF |
Sender Policy Framework
|
| SSC |
Secure Socket Layer
|
| SSD |
Solid-State Disk
|
| SSP |
System Security Plan
|
| SSP |
Sector Specific Plan
|
T
| TLS |
Transport Layer Security
|
| TTP |
Tactics, Techniques, and Procedures
|
U
| U.S. |
United States
|
| UARC |
University Affiliated Research Center
|
| UK |
United Kingdom
|
| UMD |
Universal Media Disc
|
| URL |
Uniform Resource Locator
|
| USB |
Universal Serial Bus
|
| UTC |
Coordinated Universal Time
|
| UUENCODE |
Unix-to-Unix Encode
|
V
| VLAN |
Virtual Local Area Network
|
| VoIP |
Voice over Internet Protocol
|
| Vol. |
Volume
|
| VPN |
Virtual Private Network
|
W
| WAP |
Wireless Access Point
|
| WPA2-PSK |
WiFi Protected Access-Pre-shared Key
|
X
| xD |
Extreme Digital (flash memory card device)
|