Acronyms and Abbreviations

From CMMC Toolkit Wiki
Revision as of 23:47, 20 February 2022 by Wikiadmin (talk | contribs)

Source of Reference: The official CMMC Glossary from the Office of the Under Secretary of Defense Acquisition & Sustainment.

A

AA Audit and Accountability
ABAC Attribute-Based Access Control
AC Access Control
ACSC Australian Cyber Security Centre
AES Advanced Encryption Standard
AIA Aerospace Industries Association
AM Asset Management
API Application Programming Interface
APT Advanced Persistent Threat
AT Awareness and Training
AU Audit and Accountability

B

BYOD Bring Your Own Device

C

C2M2 Cybersecurity Capability Maturity Model
C3PAO CMMC Third-Party Assessment Organization
CA Security Assessment
CD-ROM Compact Disc Read-Only Memory
CDI Covered Defense Information
CEA Council of Economic Advisers
CERT Computer Emergency Response Team
CERT RMM CERT® Resilience Management Model
CFR Code of Federal Regulations
CI Configuration Item
CIO Chief Information Officer
CIS Computer Information System
CIS Center for Internet Security
CISA Cybersecurity and Infrastructure Security Agency
CM Configuration Management
CMMC Cybersecurity Maturity Model Certification
CNSSD Committee on National Security Systems Directive
CNSSI Committee on National Security Systems Instructions
COMSEC Communications Security
CPI Critical Program Information
CSF Cybersecurity Framework
CSIS Center for Strategic and International Studies
CSP Credential Service Provider
CTI Controlled Technical Information
CUI Controlled Unclassified Information
CVE Common Vulnerabilities and Exposures
CVMP Cryptographic Module Validation Program
CWE Common Weakness Enumeration

D

D/A Department/Agency
DCISE DIB Collaborative Information Sharing Environment
DCS Distributed Control System
DD Represents any two-character CMMC Domain acronym
DFARS Defense Federal Acquisition Regulation Supplement
DHC Device Health Check
DIB Defense Industrial Base
DKIM Domain Key Identified Mail
DMARC Domain-based Message Authentication, Reporting, and Conformance
DMZ Demilitarized Zone
DNS Domain Name System
DNSSEC Domain Name System Security
DoD Department of Defense
DoDI Department of Defense Instruction
DPCI Derived PIV Credential Issuers
DVD Digital Versatile Disc

E

E.O. Executive Order
eSATA External Serial Advanced Technology Attachment
ESP External Service Provider

F

FAQ Frequently Asked Question
FAR Federal Acquisition Regulation
FBI Federal Bureau of Investigation
FCI Federal Contract Information
FDDI Fiber Distributed Data Interface
FDE Full Disk Encryption
FedRAMP Federal Risk and Authorization Management Program
FFRDC Federally Funded Research and Development Center
FIPS Federal Information Processing Standard
FTP File Transfer Protocol

G

GDPR General Data Protection Regulation

H

HIPAA Health Insurance Portability and Accountability Act
HSPD Homeland Security Presidential Directive
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HVA High-Value Asset

I

IA Information Assurance
IA Identification and Authentication
IBAC Identity-Based Access Control
IC3 Internet Crime Complaint Center
ICAM Identity, Credential, and Access Management
ICS Industrial Control System
ID Identification
IDA Identification and Authentication
IDPS Intrusion Detection and Prevention Systems
IEC International Electrotechnical Commission
IETF Internet Engineering Task Force
IIoT Industrial Internet of Things
IoT Internet of Things
IP Internet Protocol
IPSec Internet Protocol Security
IR Incident Response
IS Information System
ISAC Information Sharing and Analysis Center
ISAO Information Sharing and Analysis Organization
ISCM Information Security Continuous Monitoring
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
IT Information Technology
ITIL Information Technology Infrastructure Library

L

L# Level Number
LAN Local Area Network
LSI Large-Scale Integration



CMMC Glossary and Acronyms Version 2.0

M

MA Maintenance
MAC Media Access Control
MC Maturity Capability
MC## Maturity Capability Number
MDM Mobile Device Management
MEP Manufacturing Extension Partnership
MFA Multifactor Authentication
ML Maturity Level
ML# Maturity Level Number
MMC Multimedia Card
MP Media Protection

N

N/A Not Applicable (NA)
NARA National Archives and Records Administration
NAS Networked Attached Storage
NAS National Aerospace Standard
NCSC National Cyber Security Centre
NIST National Institute of Standards and Technology
NISTIR NIST Interagency (or Internal) Report
NPE Non-Person Entity
NSA National Security Agency
NSA/CSS NSA Central Security Service
NSPD National Security Presidential Directive
NSTISSD National Security Telecommunications and Information Systems Security Directive
NTP Network Time Protocol
NYSSCPA New York State Society of CPAs

O

OMB Office of Management and Budget
OS Operating System
OSC Organization Seeking Certification
OT Operational Technology
OUSD A&S Office of the Under Secretary of Defense for Acquisition and Sustainment

P

PCI Personal Identity Verification Card Issuers
PDA Personal Digital Assistant
PE Physical Protection
PGP Pretty Good Privacy
PII Personally Identifiable Information
PIV Personal Identity Verification
PKI Public Key Infrastructure
PLC Programmable Logic Controller
POC Point of Contact
POTS Plain Old Telephone Service
PP Physical Protection
PPD Presidential Policy Directive
PS Personnel Security
PUB Publication

R

RADIUS Remote Authentication Dial-in User Service
RE Recovery
Rev Revision
RF Radio Frequency
RFC Request for Comments
RM Risk Management
RMM Resilience Management Model
RMM Risk Management Model
RPO Recovery Point Objectives
RTO Recovery Time Objectives

S

SA Situational Awareness
SaaS Software as a Service
SAS Security Assessment
SC System and Communications Protection
SCADA Supervisory Control and Data Acquisition
SCRM Supply Chain Risk Management
SHA Security Hash Algorithm
SI System and Information Integrity
SIEM Security Integration and Event Management
SMS Short Message Service
SOC Security Operations Center
SP Special Publication
SPF Sender Policy Framework
SSC Secure Socket Layer
SSD Solid-State Disk
SSP System Security Plan
SSP Sector Specific Plan

T

TLS Transport Layer Security
TTP Tactics, Techniques, and Procedures

U

U.S. United States
UARC University Affiliated Research Center
UK United Kingdom
UMD Universal Media Disc
URL Uniform Resource Locator
USB Universal Serial Bus
UTC Coordinated Universal Time
UUENCODE Unix-to-Unix Encode

V

VLAN Virtual Local Area Network
VoIP Voice over Internet Protocol
Vol. Volume
VPN Virtual Private Network

W

WAP Wireless Access Point
WPA2-PSK WiFi Protected Access-Pre-shared Key

X

xD Extreme Digital (flash memory card device)