Source of Reference: The official CMMC Glossary from the Office of the Under Secretary of Defense Acquisition & Sustainment.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
A
AA |
Audit and Accountability
|
ABAC |
Attribute-Based Access Control
|
AC |
Access Control
|
ACSC |
Australian Cyber Security Centre
|
AES |
Advanced Encryption Standard
|
AIA |
Aerospace Industries Association
|
AM |
Asset Management
|
API |
Application Programming Interface
|
APT |
Advanced Persistent Threat
|
AT |
Awareness and Training
|
AU |
Audit and Accountability
|
B
BYOD |
Bring Your Own Device
|
C
C2M2 |
Cybersecurity Capability Maturity Model
|
C3PAO |
CMMC Third-Party Assessment Organization
|
CA |
Security Assessment
|
CD-ROM |
Compact Disc Read-Only Memory
|
CDI |
Covered Defense Information
|
CEA |
Council of Economic Advisers
|
CERT |
Computer Emergency Response Team
|
CERT RMM |
CERT® Resilience Management Model
|
CFR |
Code of Federal Regulations
|
CI |
Configuration Item
|
CIO |
Chief Information Officer
|
CIS |
Computer Information System
|
CIS |
Center for Internet Security
|
CISA |
Cybersecurity and Infrastructure Security Agency
|
CM |
Configuration Management
|
CMMC |
Cybersecurity Maturity Model Certification
|
CNSSD |
Committee on National Security Systems Directive
|
CNSSI |
Committee on National Security Systems Instructions
|
COMSEC |
Communications Security
|
CPI |
Critical Program Information
|
CSF |
Cybersecurity Framework
|
CSIS |
Center for Strategic and International Studies
|
CSP |
Credential Service Provider
|
CTI |
Controlled Technical Information
|
CUI |
Controlled Unclassified Information
|
CVE |
Common Vulnerabilities and Exposures
|
CVMP |
Cryptographic Module Validation Program
|
CWE |
Common Weakness Enumeration
|
D
D/A |
Department/Agency
|
DCISE |
DIB Collaborative Information Sharing Environment
|
DCS |
Distributed Control System
|
DD |
Represents any two-character CMMC Domain acronym
|
DFARS |
Defense Federal Acquisition Regulation Supplement
|
DHC |
Device Health Check
|
DIB |
Defense Industrial Base
|
DKIM |
Domain Key Identified Mail
|
DMARC |
Domain-based Message Authentication, Reporting, and Conformance
|
DMZ |
Demilitarized Zone
|
DNS |
Domain Name System
|
DNSSEC |
Domain Name System Security
|
DoD |
Department of Defense
|
DoDI |
Department of Defense Instruction
|
DPCI |
Derived PIV Credential Issuers
|
DVD |
Digital Versatile Disc
|
E
E.O. |
Executive Order
|
eSATA |
External Serial Advanced Technology Attachment
|
ESP |
External Service Provider
|
F
FAQ |
Frequently Asked Question
|
FAR |
Federal Acquisition Regulation
|
FBI |
Federal Bureau of Investigation
|
FCI |
Federal Contract Information
|
FDDI |
Fiber Distributed Data Interface
|
FDE |
Full Disk Encryption
|
FedRAMP |
Federal Risk and Authorization Management Program
|
FFRDC |
Federally Funded Research and Development Center
|
FIPS |
Federal Information Processing Standard
|
FTP |
File Transfer Protocol
|
G
GDPR |
General Data Protection Regulation
|
H
HIPAA |
Health Insurance Portability and Accountability Act
|
HSPD |
Homeland Security Presidential Directive
|
HTTP |
Hypertext Transfer Protocol
|
HTTPS |
Hypertext Transfer Protocol Secure
|
HVA |
High-Value Asset
|
I
IA |
Information Assurance
|
IA |
Identification and Authentication
|
IBAC |
Identity-Based Access Control
|
IC3 |
Internet Crime Complaint Center
|
ICAM |
Identity, Credential, and Access Management
|
ICS |
Industrial Control System
|
ID |
Identification
|
IDA |
Identification and Authentication
|
IDPS |
Intrusion Detection and Prevention Systems
|
IEC |
International Electrotechnical Commission
|
IETF |
Internet Engineering Task Force
|
IIoT |
Industrial Internet of Things
|
IoT |
Internet of Things
|
IP |
Internet Protocol
|
IPSec |
Internet Protocol Security
|
IR |
Incident Response
|
IS |
Information System
|
ISAC |
Information Sharing and Analysis Center
|
ISAO |
Information Sharing and Analysis Organization
|
ISCM |
Information Security Continuous Monitoring
|
ISDN |
Integrated Services Digital Network
|
ISO |
International Organization for Standardization
|
IT |
Information Technology
|
ITIL |
Information Technology Infrastructure Library
|
L
L# |
Level Number
|
LAN |
Local Area Network
|
LSI |
Large-Scale Integration
|
M
MA |
Maintenance
|
MAC |
Media Access Control
|
MC |
Maturity Capability
|
MC## |
Maturity Capability Number
|
MDM |
Mobile Device Management
|
MEP |
Manufacturing Extension Partnership
|
MFA |
Multifactor Authentication
|
ML |
Maturity Level
|
ML# |
Maturity Level Number
|
MMC |
Multimedia Card
|
MP |
Media Protection
|
N/A |
Not Applicable (NA)
|
NARA |
National Archives and Records Administration
|
NAS |
Networked Attached Storage
|
NAS |
National Aerospace Standard
|
NCSC |
National Cyber Security Centre
|
NIST |
National Institute of Standards and Technology
|
NISTIR |
NIST Interagency (or Internal) Report
|
NPE |
Non-Person Entity
|
NSA |
National Security Agency
|
NSA/CSS |
NSA Central Security Service
|
NSPD |
National Security Presidential Directive
|
NSTISSD |
National Security Telecommunications and Information Systems Security Directive
|
NTP |
Network Time Protocol
|
NYSSCPA |
New York State Society of CPAs
|
O
OMB |
Office of Management and Budget
|
OS |
Operating System
|
OSC |
Organization Seeking Certification
|
OT |
Operational Technology
|
OUSD A&S |
Office of the Under Secretary of Defense for Acquisition and Sustainment
|
P
PCI |
Personal Identity Verification Card Issuers
|
PDA |
Personal Digital Assistant
|
PE |
Physical Protection
|
PGP |
Pretty Good Privacy
|
PII |
Personally Identifiable Information
|
PIV |
Personal Identify Verification
|
PKI |
Public Key Infrastructure
|
PLC |
Programmable Logic Controller
|
POC |
Point of Contact
|
POTS |
Plain Old Telephone Service
|
PP |
Physical Protection
|
PPD |
Presidential Policy Directive
|
PS |
Personnel Security
|
PUB |
Publication
|
R
RADIUS |
Remote Authentication Dial-in User Service
|
RE |
Recovery
|
Rev |
Revision
|
RF |
Radio Frequency
|
RFC |
Request for Comments
|
RM |
Risk Management
|
RMM |
Resilience Management Model
|
RMM |
Risk Management Model
|
RPO |
Recovery Point Objectives
|
RTO |
Recovery Time Objectives
|
SA |
Situational Awareness
|
SaaS |
Software as a Service
|
SAS |
Security Assessment
|
SC |
System and Communications Protection
|
SCADA |
Supervisory Control and Data Acquisition
|
SCRM |
Supply Chain Risk Management
|
SHA |
Security Hash Algorithm
|
SI |
System and Information Integrity
|
SIEM |
Security Integration and Event Management
|
SMS |
Short Message Service
|
SOC |
Security Operations Center
|
SP |
Special Publication
|
SPF |
Sender Policy Framework
|
SSC |
Secure Socket Layer
|
SSD |
Solid-State Disk
|
SSP |
System Security Plan
|
SSP |
Sector Specific Plan
|
T
Acronyms and Abbreviations
CMMC Glossary and Acronyms Version 2.0
U.S.
UARC
UK
UMD
URL
USB
UTC
UUENCODE
VLAN
VoIP
Vol.
VPN
WAP
WPA2-PSK
xD
TLS
|
Transport Layer Security
|
34
TTP
|
Tactics, Techniques, and Procedures
|
United States
|
University Affiliated Research Center
|
United Kingdom
|
Universal Media Disc
|
Uniform Resource Locator
|
Universal Serial Bus
|
Coordinated Universal Time
|
Unix-to-Unix Encode
|
Virtual Local Area Network
|
Voice over Internet Protocol
|
Volume
|
Virtual Private Network
|
Wireless Access Point
|
WiFi Protected Access-Pre-shared Key
|
Extreme Digital (flash memory card device)
|