Security & Compliance Glossary
Key terms and definitions in cybersecurity, compliance frameworks, and industrial control systems.
216 terms
Access Control
Access Control is a fundamental component of cybersecurity that determines who is allowed to access and interact with resources within a network. In the context of OT/IT cybersecurity, access control...
Access Control List
An Access Control List (ACL) is a set of rules that determines which users or systems are granted or denied access to specific resources within a network. ACLs are crucial for managing permissions and...
Advanced Cyber Hygiene
Advanced Cyber Hygiene refers to a comprehensive and proactive approach to maintaining and improving the security posture of an organization by implementing best practices and procedures that go beyon...
Affirming Official (CMMC)
The Affirming Official is the senior company representative who certifies CMMC compliance under penalty of the False Claims Act — personally liable for the accuracy of every control statement in the SSP.
Air-gapped Network
An air-gapped network is a network that is physically isolated from the public internet and all external networks, with no wired or wireless connectivity path between the isolated environment and outside systems.
Antivirus
An antivirus is a software program designed to detect, prevent, and remove malicious software, known as malware, from computers and networks. In the context of OT/IT cybersecurity, antivirus solutions...
Asset Management
Asset Management refers to the systematic process of developing, operating, maintaining, upgrading, and disposing of assets in a cost-effective manner. In the context of OT/IT cybersecurity, asset man...
Authentication Methods
Authentication methods are techniques used to verify the identity of a user, device, or system before granting access to a network or application. In the context of OT/IT cybersecurity, these methods...
Backup and Restore
Backup and Restore is the process of copying and archiving data to ensure it can be recovered in the event of data loss, and subsequently retrieving that data to restore normal operations. This critic...
Biometric Authentication
Biometric Authentication is a security process that verifies a user's identity based on unique biological characteristics, such as fingerprints or facial features. This method is increasingly utilized...
Business Continuity Planning
Business Continuity Planning (BCP) is a proactive process designed to ensure that an organization can continue to operate during and after a disruption or crisis. It involves identifying potential ris...
C3PAO
A C3PAO (CMMC Third-Party Assessor Organization) is an Accreditation Body-authorized firm that conducts the formal CMMC Level 2 certification assessment for defense contractors handling Controlled Unclassified Information.
Change Management
Change Management is the systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies. Within the realm of OT/IT cybersecurity, it specif...
Cloud Security
Cloud Security refers to the set of policies, technologies, and controls deployed to protect data, applications, and infrastructure associated with cloud computing environments. It encompasses a wide...
CMMC
Cybersecurity Maturity Model Certification (CMMC) is a framework designed to enhance the protection of sensitive unclassified information within the Defense Industrial Base (DIB). It mandates cybersec...
CMMC Enduring Exception
A CMMC enduring exception is a documented acknowledgment that a specific asset cannot natively implement a required security control due to hardware or firmware limitations, requiring a compensating control to mitigate the residual risk.
CMMC Level 1
CMMC Level 1, or Basic Cyber Hygiene, represents the foundational tier of the Cybersecurity Maturity Model Certification (CMMC), focusing on implementing fundamental cybersecurity practices to protect...
CMMC Level 2
CMMC Level 2 refers to the second level of the Cybersecurity Maturity Model Certification (CMMC), which is designed to ensure that Defense Industrial Base (DIB) contractors implement effective cyberse...
CMMC Shared Responsibility Matrix
A CMMC shared responsibility matrix maps every NIST 800-171 control to the party responsible for enforcing it, showing which controls are handled by a security tool, which are customer-owned, and which require compensating controls for OT assets.
Compensating Control (CMMC)
A compensating control is a security mechanism that provides equivalent protection when a NIST SP 800-171 control cannot be implemented on the asset itself — required whenever an asset qualifies for a CMMC Enduring Exception.
Compliance Auditing
Compliance auditing refers to the process of evaluating an organization's adherence to regulatory standards, policies, and guidelines. In the context of cybersecurity, it involves ensuring that system...
Compliance Framework
A compliance framework is a structured set of guidelines and best practices designed to help organizations meet regulatory requirements and manage risks effectively. In the context of OT/IT cybersecur...
Compliance Software
Compliance software is a specialized tool designed to help organizations manage and adhere to regulatory requirements, industry standards, and internal policies. It often integrates with Governance, R...
Configuration Management
Configuration Management (CM) is a process for maintaining consistency of a system's performance, functional, and physical attributes with its requirements, design, and operational information through...
Contractor Evaluation
Contractor evaluation is the systematic process of assessing and approving vendors, suppliers, or contractors to ensure they meet the necessary standards and requirements for a specific project or col...
Controlled Unclassified Information
Controlled Unclassified Information (CUI) refers to information that the U.S. federal government creates or possesses, which requires safeguarding or dissemination controls consistent with applicable...
Credential Management
Credential Management refers to the processes and technologies used to securely store, manage, and utilize user credentials such as passwords, security tokens, and digital certificates. It ensures tha...
Critical Infrastructure Protection
Critical Infrastructure Protection (CIP) refers to the strategies, policies, and practices implemented to safeguard the essential systems and assets that are vital for the functioning of a society and...
Cross-Site Scripting
Cross-Site Scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. This attack vector can be used to compromise the securi...
CUI Enclave
A CUI enclave is an isolated network segment that contains all systems storing, processing, or transmitting Controlled Unclassified Information, enforced through identity-based access controls rather than simple network separation.
Customer Portal
A customer portal is a secure online platform that provides clients with access to personalized information, services, and tools related to a company's products or services. It acts as a gateway for c...
Customer Reference
Customer reference, also known as a client reference or testimonial, is a statement or endorsement from a satisfied customer about their positive experience with a company's product or service. In the...