Glossary

Terms are based on how they relate to information technology systems, cybersecurity, data security, and the frameworks that use them.

Advanced Encryption Standard (AES)Application Programming Interface (API)AssessmentAuditBaselineBaseline SecurityBlue TeamBreachCERT Resilience Management Model (CERT-RMM)Chief Information Officer (CIO)Code of Federal Regulations (CFR)Committee on National Security Systems (CNNSD)Common Vulnerabilities and Exposures (CVE)Computer Emergency Response Team (CERT)Configuration Management (CM)Controlled Technical Information (CTI)Controlled Unclassified Information (CUI)Coordinated Universal Time (UTC)Covered Defense Information (CDI)Cybersecurity Framework (CSF)Cybersecurity Maturity Model Certification (CMMC)Defense Federal Acquisition Regulation Supplement (DFARS)Defense Industrial Base (DIB)Department of Defense (DoD)Department of Defense Instruction (DoDI)EncryptionEnvironmentFederal Acquisition Regulation (FAR)Federal Contract Information (FCI)Federal Risk and Authorization Management Program (FedRAMP)IncidentInsider ThreatInternational Organization for Standardization (ISO)Internet of Things (IoT)Least PrivilegeMobile Device Management (MDM)Multifactor Authentication (MFA)National Archives and Records Administration (NARA)National Institute of Standards and Technology (NIST)NIST Interagency/Internal Report (NISTIR)Penetration Testing (Pentesting)Pretty Good Privacy (PGP)Public Key Infrastructure (PKI)RecoveryRecovery Point Objectives (RPO)Recovery Time Objectives (RTO)Red TeamReportingResidual RiskResilienceRisk Management Model (RMM)SandboxingSupply ChainVulnerability Management