CMMC
CMMC 2.0 - The Basics
Security requirements such as NIST 800-171 and CMMC and what federal IT pros need to know about how they impact cybersecurity and how to comply.
CMMC Acronym Soup - The Terms You Need to Know
Understand all the Acronyms related to CMMC and NIST 800-171 as you navigate your cybersecurity compliance journey.
Rob Zamani
Apr 3, 2023
Government agencies frequently use acronyms to communicate more efficiently and effectively. The use of acronyms allows government employees to communicate complex and lengthy ideas or concepts in fewer words, making them easier to understand and communicate within the agency. Acronyms are frequently used as a form of shorthand, allowing government officials to refer to important programs, policies, or procedures without having to spell out the entire name. While acronyms can be a useful tool for government agencies, they can also be confusing or inaccessible to the general public or employees who are unfamiliar with the agency's specific jargon or terminology.
As a result, government agencies must strike a balance between using acronyms to improve internal communication and avoiding creating unnecessary barriers to understanding for the public or other stakeholders. As CMMC continues to emerge so do all the new terms and acronyms. Here is a list of all the new ones you need to be aware of and some you might recognize.
| Acronym | Description |
| DoD | Department of Defense |
| OUSD(A&S) | Office of the Under Secretary of Defense for Acquisition & Sustainment |
| FAR | Federal Acquisition Regulation |
| DFARS | Defense Federal Acquisition Regulation Supplement |
| SPRS | Supplier Performance Risk System |
| DIB | Defense Industrial Base |
| OSC | Organization Seeking Certification |
| CMMC | Cybersecurity Maturity Model Certification |
| C3PA0 | CMMC Third-Party Assessment Organization |
| CAICO | CMMC Assessors and Instructors Certification Organization |
| CCP | Certified CMMC Professional |
| PA | Provisional Assessor |
| CCA | Certified CMMC Assessor |
| RP | Registered Practitioner |
| RPA | Registered Practitioner Advanced |
| RPO | Registered Practitioner Organization |
| LTP | Licensed Training Provider (for CMMC) |
| LPP | Licensed Publishing Partner (for CMMC) |
| PI | Provisional Instructor |
| CCI | Certified CMMC Instructor |
| CUI | Controlled Unclassified Information |
| FCI | Federal Contract Information |
| NARA | National Archives and Records Administration |
| FIPS | Federal Information Processing Standard |
| NIST | National Institute of Standards and Technology |
| SSP | System Security Plan |
| POAM | Plan of Action & Milestone |
These acronyms are frequently used in CMMC-related discussions, documents, and assessments, and are important for contractors and organizations seeking to comply with the CMMC requirements to understand.