Glossary and Acronyms

Glossary and AcronymsMatthew Titcombe2025-04-25T15:17:29-04:00

Glossary of terms for NIST SP 800-171 and CMMC

Access Control
alternate work site
assessment
certification assessment
Certification Assessment Readiness Review
CARR
gap assessment
ISO conformity assessment
mock assessment
self-assessment

Key CMMC Organizations

Key Regulations

Key References

Key Acquisition References

48 CFR § 52.204-21 – Basic Safeguarding of Covered Contractor Information Systems
DFARS Clause 252.204-7008 Compliance with Safeguarding Covered Defense Information Controls.
DFARS Clause 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.
DFARS Clause 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements
DFARS Clause 252.204-7020 NIST SP 800-171 DoD Assessment Requirements.
DFARS Clause 252.204-7021 Cybersecurity Maturity Model Certification Requirement.

Other Key Sites

An Authorized CMMC 3rd Party Assessment Organization (C3PAO)