
Security & Compliance Glossary

Key terms and definitions in cybersecurity, compliance frameworks, and industrial control systems.

211 terms

Access Control

Access Control is a fundamental component of cybersecurity that determines who is allowed to access and interact with resources within a network. In the context of OT/IT cybersecurity, access control...

Access control, Identity access management

Access Control List

An Access Control List (ACL) is a set of rules that determines which users or systems are granted or denied access to specific resources within a network. ACLs are crucial for managing permissions and...

ACL, Access control list

Advanced Cyber Hygiene

Advanced Cyber Hygiene refers to a comprehensive and proactive approach to maintaining and improving the security posture of an organization by implementing best practices and procedures that go beyon...

Cyber hygiene, Security hygiene

Air-gapped Network

An air-gapped network is a network that is physically isolated from the public internet and all external networks, with no wired or wireless connectivity path between the isolated environment and outside systems.

Air-gapped network, Physical isolation

Antivirus

An antivirus is a software program designed to detect, prevent, and remove malicious software, known as malware, from computers and networks. In the context of OT/IT cybersecurity, antivirus solutions...

Antivirus, Endpoint protection

Asset Management

Asset Management refers to the systematic process of developing, operating, maintaining, upgrading, and disposing of assets in a cost-effective manner. In the context of OT/IT cybersecurity, asset man...

Asset management, IT asset management

Authentication Methods

Authentication methods are techniques used to verify the identity of a user, device, or system before granting access to a network or application. In the context of OT/IT cybersecurity, these methods...

Authentication, Login methods

Backup and Restore

Backup and Restore is the process of copying and archiving data to ensure it can be recovered in the event of data loss, and subsequently retrieving that data to restore normal operations. This critic...

Backup, Data restore

Biometric Authentication

Biometric Authentication is a security process that verifies a user's identity based on unique biological characteristics, such as fingerprints or facial features. This method is increasingly utilized...

Biometric, Fingerprint authentication

Business Continuity Planning

Business Continuity Planning (BCP) is a proactive process designed to ensure that an organization can continue to operate during and after a disruption or crisis. It involves identifying potential ris...

Business continuity, BCP

Change Management

Change Management is the systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies. Within the realm of OT/IT cybersecurity, it specif...

Change management, Change control

Cloud Security

Cloud Security refers to the set of policies, technologies, and controls deployed to protect data, applications, and infrastructure associated with cloud computing environments. It encompasses a wide...

Cloud security, Cloud cybersecurity

CMMC

Cybersecurity Maturity Model Certification (CMMC) is a framework designed to enhance the protection of sensitive unclassified information within the Defense Industrial Base (DIB). It mandates cybersec...

CMMC, Cybersecurity Maturity Model Certification

CMMC Enduring Exception

A CMMC enduring exception is a documented acknowledgment that a specific asset cannot natively implement a required security control due to hardware or firmware limitations, requiring a compensating control to mitigate the residual risk.

CMMC enduring exception, CMMC compliance

CMMC Level 1

CMMC Level 1, or Basic Cyber Hygiene, represents the foundational tier of the Cybersecurity Maturity Model Certification (CMMC), focusing on implementing fundamental cybersecurity practices to protect...

CMMC Level 1, Basic Cyber Hygiene

CMMC Level 2

CMMC Level 2 refers to the second level of the Cybersecurity Maturity Model Certification (CMMC), which is designed to ensure that Defense Industrial Base (DIB) contractors implement effective cyberse...

CMMC Level 2, Advanced Cyber Hygiene

Compliance Auditing

Compliance auditing refers to the process of evaluating an organization's adherence to regulatory standards, policies, and guidelines. In the context of cybersecurity, it involves ensuring that system...

Compliance audit, Security audit

Compliance Framework

A compliance framework is a structured set of guidelines and best practices designed to help organizations meet regulatory requirements and manage risks effectively. In the context of OT/IT cybersecur...

Compliance framework, Cybersecurity framework

Compliance Software

Compliance software is a specialized tool designed to help organizations manage and adhere to regulatory requirements, industry standards, and internal policies. It often integrates with Governance, R...

Compliance software, GRC software

Configuration Management

Configuration Management (CM) is a process for maintaining consistency of a system's performance, functional, and physical attributes with its requirements, design, and operational information through...

Configuration management, CM

Contract Number

A contract number is a unique identifier assigned to a specific contract to facilitate tracking, management, and reference throughout the contract lifecycle. In the context of government contracting,...

Contract number, Government contract number

Contractor Evaluation

Contractor evaluation is the systematic process of assessing and approving vendors, suppliers, or contractors to ensure they meet the necessary standards and requirements for a specific project or col...

Contractor evaluation, Vendor evaluation

Controlled Unclassified Information

Controlled Unclassified Information (CUI) refers to information that the U.S. federal government creates or possesses, which requires safeguarding or dissemination controls consistent with applicable...

CUI, Controlled unclassified information

Credential Management

Credential Management refers to the processes and technologies used to securely store, manage, and utilize user credentials such as passwords, security tokens, and digital certificates. It ensures tha...

Credential management, Password vault

Critical Infrastructure Protection

Critical Infrastructure Protection (CIP) refers to the strategies, policies, and practices implemented to safeguard the essential systems and assets that are vital for the functioning of a society and...

CIP, Critical infrastructure

Cross-Site Scripting

Cross-Site Scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. This attack vector can be used to compromise the securi...

XSS, Cross-site scripting

CUI Enclave

A CUI enclave is an isolated network segment that contains all systems storing, processing, or transmitting Controlled Unclassified Information, enforced through identity-based access controls rather than simple network separation.

CUI enclave, CMMC compliance

Customer Portal

A customer portal is a secure online platform that provides clients with access to personalized information, services, and tools related to a company's products or services. It acts as a gateway for c...

Customer portal, Secure portal

Customer Reference

Customer reference, also known as a client reference or testimonial, is a statement or endorsement from a satisfied customer about their positive experience with a company's product or service. In the...

Customer reference, Client reference

Cyber Attack

A cyber attack is a deliberate attempt by an individual or organization to breach the information systems of another individual or organization. These attacks can target a wide range of digital assets...

Cyber attack, Cyberattack

Cyber Box

A Cyber Box is a security appliance designed to protect networks by managing and controlling the flow of data between different network segments. These devices can include features such as firewalls,...

Cyber box, Security appliance

Cyber-Physical Systems

Cyber-Physical Systems (CPS) refer to integrations of computation, networking, and physical processes. In these systems, embedded computers and networks monitor and control the physical processes, usu...

CPS, Cyber-physical systems