Acronyms and Abbreviations
Source of Reference: The official CMMC Glossary from the Office of the Under Secretary of Defense Acquisition & Sustainment.
A
| AA | Audit and Accountability |
| ABAC | Attribute-Based Access Control |
| AC | Access Control |
| ACSC | Australian Cyber Security Centre |
| AES | Advanced Encryption Standard |
| AIA | Aerospace Industries Association |
| AM | Asset Management |
| API | Application Programming Interface |
| APT | Advanced Persistent Threat |
| AT | Awareness and Training |
| AU | Audit and Accountability |
B
| BYOD | Bring Your Own Device |
C
| C2M2 | Cybersecurity Capability Maturity Model |
| C3PAO | CMMC Third-Party Assessment Organization |
| CA | Security Assessment |
| CD-ROM | Compact Disc Read-Only Memory |
| CDI | Covered Defense Information |
| CEA | Council of Economic Advisers |
| CERT | Computer Emergency Response Team |
| CERT RMM | CERT® Resilience Management Model |
| CFR | Code of Federal Regulations |
| CI | Configuration Item |
| CIO | Chief Information Officer |
| CIS | Computer Information System |
| CIS | Center for Internet Security |
| CISA | Cybersecurity and Infrastructure Security Agency |
| CM | Configuration Management |
| CMMC | Cybersecurity Maturity Model Certification |
| CNSSD | Committee on National Security Systems Directive |
| CNSSI | Committee on National Security Systems Instructions |
| COMSEC | Communications Security |
| CPI | Critical Program Information |
| CSF | Cybersecurity Framework |
| CSIS | Center for Strategic and International Studies |
| CSP | Credential Service Provider |
| CTI | Controlled Technical Information |
| CUI | Controlled Unclassified Information |
| CVE | Common Vulnerabilities and Exposures |
| CVMP | Cryptographic Module Validation Program |
| CWE | Common Weakness Enumeration |
D
| D/A | Department/Agency |
| DCISE | DIB Collaborative Information Sharing Environment |
| DCS | Distributed Control System |
| DD | Represents any two-character CMMC Domain acronym |
| DFARS | Defense Federal Acquisition Regulation Supplement |
| DHC | Device Health Check |
| DIB | Defense Industrial Base |
| DKIM | Domain Key Identified Mail |
| DMARC | Domain-based Message Authentication, Reporting, and Conformance |
| DMZ | Demilitarized Zone |
| DNS | Domain Name System |
| DNSSEC | Domain Name System Security |
| DoD | Department of Defense |
| DoDI | Department of Defense Instruction |
| DPCI | Derived PIV Credential Issuers |
| DVD | Digital Versatile Disc |
E
| E.O. | Executive Order |
| eSATA | External Serial Advanced Technology Attachment |
| ESP | External Service Provider |
F
| FAQ | Frequently Asked Question |
| FAR | Federal Acquisition Regulation |
| FBI | Federal Bureau of Investigation |
| FCI | Federal Contract Information |
| FDDI | Fiber Distributed Data Interface |
| FDE | Full Disk Encryption |
| FedRAMP | Federal Risk and Authorization Management Program |
| FFRDC | Federally Funded Research and Development Center |
| FIPS | Federal Information Processing Standard |
| FTP | File Transfer Protocol |
G
| GDPR | General Data Protection Regulation |
H
| HIPAA | Health Insurance Portability and Accountability Act |
| HSPD | Homeland Security Presidential Directive |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| HVA | High-Value Asset |
I
| IA | Information Assurance |
| IA | Identification and Authentication |
| IBAC | Identity-Based Access Control |
| IC3 | Internet Crime Complaint Center |
| ICAM | Identity, Credential, and Access Management |
| ICS | Industrial Control System |
| ID | Identification |
| IDA | Identification and Authentication |
| IDPS | Intrusion Detection and Prevention Systems |
| IEC | International Electrotechnical Commission |
| IETF | Internet Engineering Task Force |
| IIoT | Industrial Internet of Things |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IPSec | Internet Protocol Security |
| IR | Incident Response |
| IS | Information System |
| ISAC | Information Sharing and Analysis Center |
| ISAO | Information Sharing and Analysis Organization |
| ISCM | Information Security Continuous Monitoring |
| ISDN | Integrated Services Digital Network |
| ISO | International Organization for Standardization |
| IT | Information Technology |
| ITIL | Information Technology Infrastructure Library |
L
| L# | Level Number |
| LAN | Local Area Network |
| LSI | Large-Scale Integration |
CMMC Glossary and Acronyms Version 2.0
M
| MA | Maintenance |
| MAC | Media Access Control |
| MC | Maturity Capability |
| MC## | Maturity Capability Number |
| MDM | Mobile Device Management |
| MEP | Manufacturing Extension Partnership |
| MFA | Multifactor Authentication |
| ML | Maturity Level |
| ML# | Maturity Level Number |
| MMC | Multimedia Card |
| MP | Media Protection |
N
| N/A | Not Applicable (NA) |
| NARA | National Archives and Records Administration |
| NAS | Networked Attached Storage |
| NAS | National Aerospace Standard |
| NCSC | National Cyber Security Centre |
| NIST | National Institute of Standards and Technology |
| NISTIR | NIST Interagency (or Internal) Report |
| NPE | Non-Person Entity |
| NSA | National Security Agency |
| NSA/CSS | NSA Central Security Service |
| NSPD | National Security Presidential Directive |
| NSTISSD | National Security Telecommunications and Information Systems Security Directive |
| NTP | Network Time Protocol |
| NYSSCPA | New York State Society of CPAs |
O
| OMB | Office of Management and Budget |
| OS | Operating System |
| OSC | Organization Seeking Certification |
| OT | Operational Technology |
| OUSD A&S | Office of the Under Secretary of Defense for Acquisition and Sustainment |
P
| PCI | Personal Identity Verification Card Issuers |
| PDA | Personal Digital Assistant |
| PE | Physical Protection |
| PGP | Pretty Good Privacy |
| PII | Personally Identifiable Information |
| PIV | Personal Identity Verification |
| PKI | Public Key Infrastructure |
| PLC | Programmable Logic Controller |
| POC | Point of Contact |
| POTS | Plain Old Telephone Service |
| PP | Physical Protection |
| PPD | Presidential Policy Directive |
| PS | Personnel Security |
| PUB | Publication |
R
| RADIUS | Remote Authentication Dial-in User Service |
| RE | Recovery |
| Rev | Revision |
| RF | Radio Frequency |
| RFC | Request for Comments |
| RM | Risk Management |
| RMM | Resilience Management Model |
| RMM | Risk Management Model |
| RPO | Recovery Point Objectives |
| RTO | Recovery Time Objectives |
S
| SA | Situational Awareness |
| SaaS | Software as a Service |
| SAS | Security Assessment |
| SC | System and Communications Protection |
| SCADA | Supervisory Control and Data Acquisition |
| SCRM | Supply Chain Risk Management |
| SHA | Security Hash Algorithm |
| SI | System and Information Integrity |
| SIEM | Security Integration and Event Management |
| SMS | Short Message Service |
| SOC | Security Operations Center |
| SP | Special Publication |
| SPF | Sender Policy Framework |
| SSC | Secure Socket Layer |
| SSD | Solid-State Disk |
| SSP | System Security Plan |
| SSP | Sector Specific Plan |
T
| TLS | Transport Layer Security |
| TTP | Tactics, Techniques, and Procedures |
U
| U.S. | United States |
| UARC | University Affiliated Research Center |
| UK | United Kingdom |
| UMD | Universal Media Disc |
| URL | Uniform Resource Locator |
| USB | Universal Serial Bus |
| UTC | Coordinated Universal Time |
| UUENCODE | Unix-to-Unix Encode |
V
| VLAN | Virtual Local Area Network |
| VoIP | Voice over Internet Protocol |
| Vol. | Volume |
| VPN | Virtual Private Network |
W
| WAP | Wireless Access Point |
| WPA2-PSK | WiFi Protected Access-Pre-shared Key |
X
| xD | Extreme Digital (flash memory card device) |