Security & Compliance Glossary
Key terms and definitions in cybersecurity, compliance frameworks, and industrial control systems.
216 terms
Access Control
Access Control is a fundamental component of cybersecurity that determines who is allowed to access and interact with resources within a network. In the context of OT/IT cybersecurity, access control...
Access Control List
An Access Control List (ACL) is a set of rules that determines which users or systems are granted or denied access to specific resources within a network. ACLs are crucial for managing permissions and...
Advanced Cyber Hygiene
Advanced Cyber Hygiene refers to a comprehensive and proactive approach to maintaining and improving the security posture of an organization by implementing best practices and procedures that go beyon...
Affirming Official (CMMC)
The Affirming Official is the senior company representative who certifies CMMC compliance under penalty of the False Claims Act — personally liable for the accuracy of every control statement in the SSP.
Air-gapped Network
An air-gapped network is a network that is physically isolated from the public internet and all external networks, with no wired or wireless connectivity path between the isolated environment and outside systems.
Antivirus
An antivirus is a software program designed to detect, prevent, and remove malicious software, known as malware, from computers and networks. In the context of OT/IT cybersecurity, antivirus solutions...
Asset Management
Asset Management refers to the systematic process of developing, operating, maintaining, upgrading, and disposing of assets in a cost-effective manner. In the context of OT/IT cybersecurity, asset man...
Authentication Methods
Authentication methods are techniques used to verify the identity of a user, device, or system before granting access to a network or application. In the context of OT/IT cybersecurity, these methods...
Backup and Restore
Backup and Restore is the process of copying and archiving data to ensure it can be recovered in the event of data loss, and subsequently retrieving that data to restore normal operations. This critic...
Biometric Authentication
Biometric Authentication is a security process that verifies a user's identity based on unique biological characteristics, such as fingerprints or facial features. This method is increasingly utilized...
Business Continuity Planning
Business Continuity Planning (BCP) is a proactive process designed to ensure that an organization can continue to operate during and after a disruption or crisis. It involves identifying potential ris...
C3PAO
A C3PAO (CMMC Third-Party Assessor Organization) is an Accreditation Body-authorized firm that conducts the formal CMMC Level 2 certification assessment for defense contractors handling Controlled Unclassified Information.
Change Management
Change Management is the systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies. Within the realm of OT/IT cybersecurity, it specif...
Cloud Security
Cloud Security refers to the set of policies, technologies, and controls deployed to protect data, applications, and infrastructure associated with cloud computing environments. It encompasses a wide...
CMMC
Cybersecurity Maturity Model Certification (CMMC) is a framework designed to enhance the protection of sensitive unclassified information within the Defense Industrial Base (DIB). It mandates cybersec...
CMMC Enduring Exception
A CMMC enduring exception is a documented acknowledgment that a specific asset cannot natively implement a required security control due to hardware or firmware limitations, requiring a compensating control to mitigate the residual risk.
CMMC Level 1
CMMC Level 1, or Basic Cyber Hygiene, represents the foundational tier of the Cybersecurity Maturity Model Certification (CMMC), focusing on implementing fundamental cybersecurity practices to protect...
CMMC Level 2
CMMC Level 2 refers to the second level of the Cybersecurity Maturity Model Certification (CMMC), which is designed to ensure that Defense Industrial Base (DIB) contractors implement effective cyberse...
CMMC Shared Responsibility Matrix
A CMMC shared responsibility matrix maps every NIST 800-171 control to the party responsible for enforcing it, showing which controls are handled by a security tool, which are customer-owned, and which require compensating controls for OT assets.
Compensating Control (CMMC)
A compensating control is a security mechanism that provides equivalent protection when a NIST SP 800-171 control cannot be implemented on the asset itself — required whenever an asset qualifies for a CMMC Enduring Exception.
Compliance Auditing
Compliance auditing refers to the process of evaluating an organization's adherence to regulatory standards, policies, and guidelines. In the context of cybersecurity, it involves ensuring that system...
Compliance Framework
A compliance framework is a structured set of guidelines and best practices designed to help organizations meet regulatory requirements and manage risks effectively. In the context of OT/IT cybersecur...
Compliance Software
Compliance software is a specialized tool designed to help organizations manage and adhere to regulatory requirements, industry standards, and internal policies. It often integrates with Governance, R...
Configuration Management
Configuration Management (CM) is a process for maintaining consistency of a system's performance, functional, and physical attributes with its requirements, design, and operational information through...
Contractor Evaluation
Contractor evaluation is the systematic process of assessing and approving vendors, suppliers, or contractors to ensure they meet the necessary standards and requirements for a specific project or col...
Controlled Unclassified Information
Controlled Unclassified Information (CUI) refers to information that the U.S. federal government creates or possesses, which requires safeguarding or dissemination controls consistent with applicable...
Credential Management
Credential Management refers to the processes and technologies used to securely store, manage, and utilize user credentials such as passwords, security tokens, and digital certificates. It ensures tha...
Critical Infrastructure Protection
Critical Infrastructure Protection (CIP) refers to the strategies, policies, and practices implemented to safeguard the essential systems and assets that are vital for the functioning of a society and...
Cross-Site Scripting
Cross-Site Scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. This attack vector can be used to compromise the securi...
CUI Enclave
A CUI enclave is an isolated network segment that contains all systems storing, processing, or transmitting Controlled Unclassified Information, enforced through identity-based access controls rather than simple network separation.
Customer Portal
A customer portal is a secure online platform that provides clients with access to personalized information, services, and tools related to a company's products or services. It acts as a gateway for c...
Customer Reference
Customer reference, also known as a client reference or testimonial, is a statement or endorsement from a satisfied customer about their positive experience with a company's product or service. In the...
Browse all entries (216)
- Access Control
- Access Control List
- Advanced Cyber Hygiene
- Affirming Official (CMMC)
- Air-gapped Network
- Antivirus
- Asset Management
- Authentication Methods
- Backup and Restore
- Biometric Authentication
- Business Continuity Planning
- C3PAO
- Change Management
- Cloud Security
- CMMC
- CMMC Enduring Exception
- CMMC Level 1
- CMMC Level 2
- CMMC Shared Responsibility Matrix
- Compensating Control (CMMC)
- Compliance Auditing
- Compliance Framework
- Compliance Software
- Configuration Management
- Contractor Evaluation
- Controlled Unclassified Information
- Credential Management
- Critical Infrastructure Protection
- Cross-Site Scripting
- CUI Enclave
- Customer Portal
- Customer Reference
- Cyber Attack
- Cyber-Physical Systems
- Cybersecurity Awareness Training
- Cybersecurity Frameworks
- Cybersecurity Incident (OT)
- Cybersecurity Maturity
- Data Breach
- Data Center
- Data Encryption
- Data Integrity
- Data Loss Prevention
- Data Redundancy
- Data Retention Policies
- Defense Contracting
- Defense Industrial Base
- Delivery Schedule
- Deny-by-Default (OT)
- Device Management
- DFARS (Defense Federal Acquisition Regulation Supplement)
- Digital Forensics
- Disadvantaged Business Enterprise Program
- Disaster Recovery
- Domestic Manufacturing
- Domestic Sourcing
- DTM 25-003
- Email Archive
- Encrypted Email
- Encryption
- Endpoint Protection
- Ethernet
- Export Control Classification Number
- Firewall
- Firewall Configuration
- Flowdown
- GCC High
- Google Workspace
- Governance Risk and Compliance Software
- Government Buyers
- Government Procurement
- Identity and Access Management
- Identity Management
- IEC 62443
- Incident Response
- Industrial Control Systems Security
- Industrial Cybersecurity Standards
- Industrial DMZ
- Industrial Networking
- Information Governance
- Information Technology Security
- Insider Threat
- Internet Protocol
- Intrusion Detection System
- Intrusion Prevention System
- Inventory Management System
- Invoice Tracking
- IoT in Manufacturing
- IoT Security
- ISO 9001 Compliance
- ISO/IEC 27001
- IT Support
- IT Troubleshooting
- Job Ticket
- Lead Time
- Least Privilege Principle
- Login Management
- Logistics Management
- Lollipop Architecture
- Machine Network
- Made in USA
- Malware in OT Environments
- Manufacturing Readiness
- Micro-DMZ
- Mobile Access
- Multi-Factor Authentication
- NERC CIP
- Network Access Control
- Network and Information Systems Directive
- Network Security
- Network Segmentation
- NIST SP 800-171
- NIST SP 800-82
- Off-Site Backup
- OIV and OSE (NIS2)
- On-Site Backup
- Online Forms
- Operational Efficiency
- Operational Technology Security
- OT/IT Convergence
- Overlay Networking (OT context)
- Passive Asset Discovery (OT)
- Password Management
- Password Policy
- Patch Management
- Patch Update
- PC Login
- Phishing in OT Environments
- Physical Security
- Physical Security Information Management
- PO Number
- Preventive Maintenance
- Prime Contractor
- Printer Access
- Product Specs
- Production Order
- Production Readiness
- Programmable Logic Controllers
- Protocol Filtering (OT)
- Public Key Infrastructure
- Purdue Model
- Quality Assurance
- Quality Control
- Ransomware in OT Environments
- Registration
- Remote Access
- Remote Desktop Protocol
- RFQ
- Risk Assessment
- Risk Management
- Risk Management Framework (RMF for ICS/OT)
- Role-Based Access Control
- Root Cause Analysis
- Ruggedized Devices
- Secure Access Gateway
- Secure Communications
- Secure Email
- Secure File Sharing
- Secure Network
- Secure Sockets Layer and Transport Layer Security
- Security Audit
- Security Checklist
- Security Configuration
- Security Information and Event Management
- Security Patching
- Security Policy
- Security Tokens
- Server Room
- Set-Aside Contracts
- Shared Drive
- Shop Computer
- Shop Floor
- Single Sign-On
- Small Business Set-Aside
- Social Engineering
- Spear Phishing
- Specialized Asset (CMMC)
- SQL Injection
- Standard Operating Procedures
- Statistical Process Control
- Strong Password
- Subcontractor Management
- Supervisory Control and Data Acquisition
- Supplier Portal
- Supply Chain Security
- System Maintenance
- System Restart
- Team Collaboration
- Third-Party Risk Management
- Threat Intelligence
- Time Clock
- Tool Tracking
- Total Quality Management
- Transmission Control Protocol
- Transport Layer Security
- Two-Factor Authentication
- Two-Factor Login
- UDP (User Datagram Protocol)
- User Access Management
- User Authentication
- User Permissions
- Vendor Assessment
- Vendor List
- VPN
- Vulnerability Assessment
- Vulnerability Management
- Wi-Fi Password
- Wireless Encryption Standards
- Work Instructions
- Work Order
- Workstation
- Zero Trust Architecture
- Zero Trust for OT
- Zero Trust Network Access
- Zero Trust Security
- Zero-Day Exploit