Resources

Making sense of all the terms related to Cybersecurity and CMMC compliance can be hard. This handy glossary will provide you with all the definitions you need to know.

Accreditation – The process of issuing Licenses and Certificates.

Accreditation Body Board of Directors – The board of directors is the governing body of a nonprofit. Individuals who sit on the board are responsible for overseeing the organization’s activities. Directors meet periodically to discuss and vote on the affairs of the organization.

Advisory Councils – Advisory Councils operate at the discretion of, but independently from the board, to inform and advise the board from the perspective of the Advisory Council’s membership. The advisory council’s leaders participate in the board as non-voting members.

Affiliates – Business concerns, organizations, or individuals that control each other or that are controlled by a common third party. Control may consist of shared management or ownership; common use of facilities, equipment, and employees; or family interest.

Assessment – Formal process of assessing the implementation and reliable use of issuer controls using various methods of assessment (e.g., interviews, document reviews, observations) that support the assertion that an issuer is reliably meeting the requirements of a standard. In the context of CMMC, Assessments are performed against the requirements set forth in the CMMC for the OSC’s desired CMMC Level. Source: NIST SP 800-79-2 (adapted).

Asset Owner – A person or organizational unit (internal or external to the organization) with primary responsibility for the viability, productivity, security, and resilience of an organizational asset. Source: RMM

Association – The process of linking an Assessor’s License Number with the License Number of a C3PAO.

Audit – Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures. Source: NIST SP 800-32

Certified 3rd Party Assessment Organization (“C3PAO”) – An entity that is certified to be contracted to an Organization Seeking Compliance (OSC) to provide consultative advice OR certified assessments.

Certificate – A record issued to an Organization Seeking Compliance (OSC) upon successful completion of an assessment which evidences the CMMC Level against which the OSC has been successfully assessed.

Certification – The process of receiving a Certificate.

Certified Assessor (CA) – A person who has successfully completed the background, training, and examination requirements as outlined by the CMMC-AB (at one of 3 levels) and to whom a certification has been issued. Assessors are not CMMC-AB employees.

Certified Professional (CP) – An individual authorized to participate as an assessment team member under the supervision of a Certified Assessor, eligible for training to become a Certified Assessor (CA), and credentialed as an individual with the training to understand the requirements of CMMC for a DoD supplier.

CMMC – The set of standards initially defined by the DoD against which an Organization Seeking Compliance (OSC) is to be assessed.

CMMC Certified Organization – An organization whose cybersecurity program has received a CMMC Certificate from the CMMC-AB.

Compliance – Verification that the planned cybersecurity of the system is being properly and effectively implemented and operated, usually through the use of assessments/audits. Source: CMMC

Control – The methods, policies, and procedures—manual or automated—used by an organization to safeguard and protect assets, promote efficiency, or adhere to standards. A measure that is modifying risk. (Note: controls include any process, policy, device, practice, or other actions which modify risk.) Source: NISTIR 8053 (adapted).

CUI (Controlled Unclassified Information) – Information that requires safeguarding or dissemination controls pursuant to and consistent with the law, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended. Source: E.O. 13556 (adapted)

Cybersecurity – Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. Source: NSPD-54/HSPD-23

Defense Supply Chain (DSC) – The worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements. The term DSC was substituted for Defense Industrial Base to reflect more specifically the base subject to CMMC assessments.

Digital Signature – An electronic file which is used to authenticate other electronic files and to encrypt files at rest and/or in motion.

Dispute – A formal process managed by the CMMC-AB through which an Assessor and an Organization Seeking Compliance (OSC) can seek resolution of a disagreement over the Assessment results.

Dispute Adjudicator – A CMMC-AB employee who is responsible for reviewing and resolving a Dispute.

Educator – CMMC-AB employees who are tasked with educating and testing prospective and current Trainers.

Entity – A legal non-person organization duly created and maintained under the laws of one or more jurisdictions, including without limitation corporations, limited liability partnerships, limited liability companies, and governmental agencies but excluding unincorporated organizations such as, without limitation, partnerships.

FCI (Federal Contract Information) – Information not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public Web sites) or simple transactional information, such as necessary to process payments. Source: 48 CFR § 52.204-21

License – A document issued to an Assessor, C3PAO, or Trainer, as appropriate, entitling them to perform their duties with respect to the CMMC-AB as further outlined below.

License Number – A unique identifier linked to each Assessor, C3PAO, and Trainer.

Multi-factor Authentication – Authentication that uses two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). Source: NIST SP 800-53 Rev 4, CNSSI 4009.

Organization – An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, or, as appropriate, any of its operational elements). Source: CMMC.

Organization Seeking Certification (OSC) – The organization that is going through the CMMC assessment process to receive a level of Certification for a given environment. Source: CMMC.

Record – A physical document, electronic file, entry in an electronic database, or the like.

Registered Practitioner (RP) – Professionals who provide consultative services that include non-certified CMMC advice in their services. RPs are not permitted to participate on certified assessment teams. Source: CMM.

Registered Provider Organization (RPO) – An organization authorized to represent itself as familiar with the basic constructs of the CMMC Standard, with a CMMC-AB provided logo, to deliver non-certified CMMC Consulting Services. Signifies that the organization has agreed to the CMMC-AB Code of Professional Conduct. Source: CMMC.

Trainer – A person licensed to provide training to prospective and current Assessors. The Trainers are not CMMC-AB employees.

NAICS Codes

We can support companies that fall under the following codes of the North American Industry Classification System (NAICS):

423430 – Computer and Computer Peripheral Equipment and Software Merchant Wholesalers

511210 – Software Publishers

512110 – Motion Picture and Video Production

517210 – Wireless Telecommunications Carriers (Except Satellite)

517911 – Telecommunications Resellers

517919 – All Other Telecommunications

519130 – Internet Publishing and Broadcasting and Web Search Portals

541330 – Engineering Services

541511 – Custom Computer Programming Services

541512 – Computer Systems Design Services

541513 – Computer Facilities Management Services

541519 – Other Computer Related Services

541611 – Administrative Management and General Management Consulting Services

541614 – Process, Physical Distribution, and Logistics Consulting Services

541618 – Other Management Consulting Services

541690 – Other Scientific and Technical Consulting Services

541712 – Research and Development in The Physical, Engineering, and Life Sciences

541990 – All Other Professional, Scientific, and Technical Services

561210 – Facilities Support Services

561320 – Temporary Help Services

611699 – All Other Miscellaneous Schools and Instruction

921190 – Other General Government Support

928110 – National Security

SPRS PTAC Training

Brea Networks, LLC (HQ)
451 W. Lambert Rd Suite 214, Brea, CA 92821
United States of America

Phone: (714) 592-0063
