Source of Reference: The official CMMC Glossary from the Office of the Under Secretary of Defense Acquisition & Sustainment.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
A
| AA |
Audit and Accountability
|
| ABAC |
Attribute-Based Access Control
|
| AC |
Access Control
|
| ACSC |
Australian Cyber Security Centre
|
| AES |
Advanced Encryption Standard
|
| AIA |
Aerospace Industries Association
|
| AM |
Asset Management
|
| API |
Application Programming Interface
|
| APT |
Advanced Persistent Threat
|
| AT |
Awareness and Training
|
| AU |
Audit and Accountability
|
B
| BYOD |
Bring Your Own Device
|
C
| C2M2 |
Cybersecurity Capability Maturity Model
|
| C3PAO |
CMMC Third-Party Assessment Organization
|
| CA |
Security Assessment
|
| CD-ROM |
Compact Disc Read-Only Memory
|
| CDI |
Covered Defense Information
|
| CEA |
Council of Economic Advisers
|
| CERT |
Computer Emergency Response Team
|
| CERT RMM |
CERT® Resilience Management Model
|
| CFR |
Code of Federal Regulations
|
| CI |
Configuration Item
|
| CIO |
Chief Information Officer
|
| CIS |
Computer Information System
|
| CIS |
Center for Internet Security
|
| CISA |
Cybersecurity and Infrastructure Security Agency
|
| CM |
Configuration Management
|
| CMMC |
Cybersecurity Maturity Model Certification
|
| CNSSD |
Committee on National Security Systems Directive
|
| CNSSI |
Committee on National Security Systems Instructions
|
| COMSEC |
Communications Security
|
| CPI |
Critical Program Information
|
| CSF |
Cybersecurity Framework
|
| CSIS |
Center for Strategic and International Studies
|
| CSP |
Credential Service Provider
|
| CTI |
Controlled Technical Information
|
| CUI |
Controlled Unclassified Information
|
| CVE |
Common Vulnerabilities and Exposures
|
| CVMP |
Cryptographic Module Validation Program
|
| CWE |
Common Weakness Enumeration
|
D
| D/A |
Department/Agency
|
| DCISE |
DIB Collaborative Information Sharing Environment
|
| DCS |
Distributed Control System
|
| DD |
Represents any two-character CMMC Domain acronym
|
| DFARS |
Defense Federal Acquisition Regulation Supplement
|
| DHC |
Device Health Check
|
| DIB |
Defense Industrial Base
|
| DKIM |
Domain Key Identified Mail
|
| DMARC |
Domain-based Message Authentication, Reporting, and Conformance
|
| DMZ |
Demilitarized Zone
|
| DNS |
Domain Name System
|
| DNSSEC |
Domain Name System Security
|
| DoD |
Department of Defense
|
| DoDI |
Department of Defense Instruction
|
| DPCI |
Derived PIV Credential Issuers
|
| DVD |
Digital Versatile Disc
|
E
| E.O. |
Executive Order
|
| eSATA |
External Serial Advanced Technology Attachment
|
| ESP |
External Service Provider
|
F
| FAQ |
Frequently Asked Question
|
| FAR |
Federal Acquisition Regulation
|
| FBI |
Federal Bureau of Investigation
|
| FCI |
Federal Contract Information
|
| FDDI |
Fiber Distributed Data Interface
|
| FDE |
Full Disk Encryption
|
| FedRAMP |
Federal Risk and Authorization Management Program
|
| FFRDC |
Federally Funded Research and Development Center
|
| FIPS |
Federal Information Processing Standard
|
| FTP |
File Transfer Protocol
|
G
| GDPR |
General Data Protection Regulation
|
H
| HIPAA |
Health Insurance Portability and Accountability Act
|
| HSPD |
Homeland Security Presidential Directive
|
| HTTP |
Hypertext Transfer Protocol
|
| HTTPS |
Hypertext Transfer Protocol Secure
|
| HVA |
High-Value Asset
|
I
| IA |
Information Assurance
|
| IA |
Identification and Authentication
|
| IBAC |
Identity-Based Access Control
|
| IC3 |
Internet Crime Complaint Center
|
| ICAM |
Identity, Credential, and Access Management
|
| ICS |
Industrial Control System
|
| ID |
Identification
|
| IDA |
Identification and Authentication
|
| IDPS |
Intrusion Detection and Prevention Systems
|
| IEC |
International Electrotechnical Commission
|
| IETF |
Internet Engineering Task Force
|
| IIoT |
Industrial Internet of Things
|
| IoT |
Internet of Things
|
| IP |
Internet Protocol
|
| IPSec |
Internet Protocol Security
|
| IR |
Incident Response
|
| IS |
Information System
|
| ISAC |
Information Sharing and Analysis Center
|
| ISAO |
Information Sharing and Analysis Organization
|
| ISCM |
Information Security Continuous Monitoring
|
| ISDN |
Integrated Services Digital Network
|
| ISO |
International Organization for Standardization
|
| IT |
Information Technology
|
| ITIL |
Information Technology Infrastructure Library
|
L
| L# |
Level Number
|
| LAN |
Local Area Network
|
| LSI |
Large-Scale Integration
|
M
| MA |
Maintenance
|
| MAC |
Media Access Control
|
| MC |
Maturity Capability
|
| MC## |
Maturity Capability Number
|
| MDM |
Mobile Device Management
|
| MEP |
Manufacturing Extension Partnership
|
| MFA |
Multifactor Authentication
|
| ML |
Maturity Level
|
| ML# |
Maturity Level Number
|
| MMC |
Multimedia Card
|
| MP |
Media Protection
|
| N/A |
Not Applicable (NA)
|
| NARA |
National Archives and Records Administration
|
| NAS |
Networked Attached Storage
|
| NAS |
National Aerospace Standard
|
| NCSC |
National Cyber Security Centre
|
| NIST |
National Institute of Standards and Technology
|
| NISTIR |
NIST Interagency (or Internal) Report
|
| NPE |
Non-Person Entity
|
| NSA |
National Security Agency
|
| NSA/CSS |
NSA Central Security Service
|
| NSPD |
National Security Presidential Directive
|
| NSTISSD |
National Security Telecommunications and Information Systems Security Directive
|
| NTP |
Network Time Protocol
|
| NYSSCPA |
New York State Society of CPAs
|
O
| OMB |
Office of Management and Budget
|
| OS |
Operating System
|
| OSC |
Organization Seeking Certification
|
| OT |
Operational Technology
|
| OUSD A&S |
Office of the Under Secretary of Defense for Acquisition and Sustainment
|
P
| PCI |
Personal Identity Verification Card Issuers
|
| PDA |
Personal Digital Assistant
|
| PE |
Physical Protection
|
| PGP |
Pretty Good Privacy
|
| PII |
Personally Identifiable Information
|
| PIV |
Personal Identify Verification
|
| PKI |
Public Key Infrastructure
|
| PLC |
Programmable Logic Controller
|
| POC |
Point of Contact
|
| POTS |
Plain Old Telephone Service
|
| PP |
Physical Protection
|
| PPD |
Presidential Policy Directive
|
| PS |
Personnel Security
|
| PUB |
Publication
|
R
Rev
RF
RFC
RM
RMM
RMM
RPO
RTO
SA
SaaS
SAS
SC
SHA
SI
SIEM
SOC
SP
SPF
SSC
SSD
SSP
SSP
TLS
Acronyms and Abbreviations
CMMC Glossary and Acronyms Version 2.0
U.S.
UARC
UK
UMD
URL
USB
UTC
UUENCODE
VLAN
VoIP
Vol.
VPN
WAP
WPA2-PSK
xD
| RADIUS
|
Remote Authentication Dial-in User Service RE
|
Recovery
|
| Revision
|
| Radio Frequency
|
| Request for Comments
|
| Risk Management
|
| Resilience Management Model
|
| Risk Management Model
|
| Recovery Point Objectives
|
| Recovery Time Objectives
|
| Situational Awareness
|
| Software as a Service
|
| Security Assessment
|
| System and Communications Protection SCADA
|
Supervisory Control and Data Acquisition SCRM
|
Supply Chain Risk Management
|
| Security Hash Algorithm
|
| System and Information Integrity
|
| Security Integration and Event Management SMS
|
Short Message Service
|
| Security Operations Center
|
| Special Publication
|
| Sender Policy Framework
|
| Secure Socket Layer
|
| Solid-State Disk
|
| System Security Plan
|
| Sector Specific Plan
|
| Transport Layer Security
|
| 34
TTP
|
Tactics, Techniques, and Procedures
|
| United States
|
| University Affiliated Research Center
|
| United Kingdom
|
| Universal Media Disc
|
| Uniform Resource Locator
|
| Universal Serial Bus
|
| Coordinated Universal Time
|
| Unix-to-Unix Encode
|
| Virtual Local Area Network
|
| Voice over Internet Protocol
|
| Volume
|
| Virtual Private Network
|
| Wireless Access Point
|
| WiFi Protected Access-Pre-shared Key
|
| Extreme Digital (flash memory card device)
|