NIST 800-171
Security requirement framework for protecting CUI in nonfederal systems.
NIST 800-171 baseline for Level 2-aligned CMMC readiness.
Defense Compliance Glossary
Definitions for CMMC, DFARS, NIST, and related defense compliance terms.
RPO
Registered Provider Organization supporting CMMC readiness activities.
RPO role in pre-assessment readiness and implementation.
C3PAO
Certified Third-Party Assessment Organization authorized to perform CMMC assessments.
Role of C3PAOs in formal CMMC certification.
GCC
Microsoft Government Community Cloud for U.S. public sector requirements.
GCC environment overview for defense organizations.
SSP
System Security Plan describing implemented controls and system boundaries.
System Security Plan requirements in defense compliance assessments.
POA&M
Plan of Action and Milestones used to track and close compliance gaps.
POA&M planning and remediation tracking for CMMC programs.
GCC High
Microsoft cloud environment designed for U.S. government and defense compliance needs.
GCC High for defense contractor compliance environments.
SPRS
Supplier Performance Risk System used for DoD supplier risk and score reporting.
SPRS scoring for defense suppliers.
DFARS
Defense Federal Acquisition Regulation Supplement for DoD procurement requirements.
DFARS requirements and contract flow-down context.
FCI
Federal Contract Information generated for or provided by the U.S. Government.
Federal Contract Information under CMMC.
CUI
Controlled Unclassified Information regulated by federal handling requirements.
Controlled Unclassified Information in defense contract workflows.