Navigating CMMC Acronyms in the Defense Industrial Base (DIB)
A helpful reference to the numerous acronyms associated with the Department of Defense, the CMMC, and the Defense Industrial Base.
- ANSI – American National Standards Institute
- APTs – Advanced Persistent Threats
- BOE – Body of Evidence
- C3PAO – CMMC Third-Party Assessment Organization
- CAGE – Commercial and Government Entity
- CAICO – CMMC Assessor and Instructor Certification Organization
- CCA – CMMC Certified Assessor
- CCEVS – Common Criteria Testing Laboratory Services
- CCI – CMMC Certified Instructor
- CCP – CMMC Certified Professional
- CFR – Code of Federal Regulations
- CIO – Chief Information Officer
- CJIS – Criminal Justice Information Services
- CMMC – Cybersecurity Maturity Model Certification
- CNSS – Committee on National Security Systems
- CoI – Conflict of Interest
- CoPC – Code of Professional Conduct
- COTS – Commercial-Off-The-Shelf
- CSF – Cybersecurity Framework
- CSP – Cloud Service Providers
- CUI – Controlled Unclassified Information
- DCMA – Defense Contract Management Agency
- DCS – Distributed Control Systems
- DIB – Defense Industrial Base
- DIBCAC – Defense Industrial Base Cybersecurity Assessment Center
- DoD CIO – Department of Defense Chief Information Officer
- DoD – Department of Defense
- DoDI – Department of Defense Instruction
- DoDIG – Department of Defense Inspector General
- DFARS – Defense Federal Acquisition Regulation Supplement
- E.O. – Executive Order
- eMASS – Enterprise Mission Assurance Support Service
- ERM – Enterprise Risk Management
- ESP – External Service Provider
- FAR – Federal Acquisition Regulation
- FCI – Federal Contract Information
- FedRAMP – Federal Risk and Authorization Management Program
- FIPS – Federal Information Processing Standard
- FISMA – Federal Information Security Management Act
- GFE – Government Furnished Equipment
- IAAC – Inter-American Accreditation Cooperation
- IBR – Incorporated by Reference (Relating to ANSI)
- ICR – Information Collection Request
- ICS – Industrial Control Systems
- IEC – International Electrotechnical Commission
- ILAC – International Laboratory Accreditation Cooperation
- IoT – Internet of Things
- ISO – International Organization for Standardization
- ITAR – International Traffic in Arms Regulations
- MEP – Manufacturing Extension Partnership
- MRA – Mutual Recognition Arrangement
- NAICS – North American Industry Classification System
- NIAP – National Information Assurance Partnership
- NSDD – National Security Defense Directive
- OSA – Organization Seeking Assessment
- OSBP – Office of Small Business Programs
- OSC – Organization Seeking Certification
- OT – Operational Technology
- OUSDA(A&S) – Office of the Under Secretary of Defense for Acquisition and Sustainment
- PIV – Personal Identity Verification
- PMO – Program Management Office
- POA – Plan of Action
- POA&M – Plan of Action and Milestones
- PLC – Programmable Logic Controllers
- PUB – Publication
- NIST – National Institute of Standards and Technology
- NSS – National Security Systems
- RIA – Regulatory Impact Analysis
- RIN – Regulatory Identifier Number
- RMF – Risk Management Framework
- SBA – Small Business Administration
- SCADA – Supervisory Control and Data Acquisition
- SOC – Service and Organizational Controls
- SOW – Statement of Work
- SP – Special Publication
- SPRS – Supplier Performance Risk System
- SSP – System Security Plan
- STIG – Security Technical Implementation Guides
This list was compiled from just one DoD publication regarding the CMMC program and an upcoming proposed rule.
– Federal Register / Vol. 88, No. 246 / Tuesday, 12-26-23 / Proposed Rules