Glossary
Technology terms, explained for business
Short definitions, why each term matters, and links to deeper reading.
- CMMC — Cybersecurity Maturity Model Certification for the defense industrial base.
- NIST SP 800-171 — Security requirements for protecting Controlled Unclassified Information.
- SSP (System Security Plan) — Document describing how an organization implements security controls.
- POA&M — Plan of Action and Milestones for remediating control gaps.
- CUI — Controlled Unclassified Information requiring safeguarding.
- FCI — Federal Contract Information protected under basic safeguarding rules.
- SPRS — Supplier Performance Risk System scoring used in DoD supply chain.
- MFA — Multi-factor authentication for stronger identity verification.
- Entra ID — Microsoft’s cloud identity platform (formerly Azure AD).
- Conditional Access — Policy-based access control in Microsoft Entra ID.
- EDR — Endpoint detection and response for modern endpoint threats.
- Zero Trust — Security model that continuously verifies access.
- SIEM — Security information and event management for log correlation.
- RPO — Recovery Point Objective—how much data loss is tolerable.
- RTO — Recovery Time Objective—how quickly systems must return.
- Phishing — Social engineering attacks that trick users into revealing credentials or taking unsafe actions.
- Ransomware — Malware that encrypts or steals data and demands payment.
- Firewall — Network control that allows or blocks traffic based on policy.
- VPN — Virtual private network for encrypted remote access.
- Least privilege — Grant only the access required to perform a role.
- Patch management — Process for applying security and stability updates.
- Business email compromise — Fraud abusing email trust relationships.
- DLP — Data loss prevention controls for sensitive data movement.
- SOC — Security operations center for monitoring and response.
- MDM — Mobile device management for policy on phones and tablets.
- Microsoft Secure Score — A Microsoft metric and recommendation set for improving security configuration.
- Legacy authentication — Older sign-in methods that often cannot enforce modern MFA challenges.
- SharePoint — Microsoft’s team content and intranet platform in Microsoft 365.
- OneDrive — Personal cloud file storage in Microsoft 365.
- Defender for Office 365 — Microsoft’s advanced email and collaboration threat protection.
- Passkey — A phishing-resistant credential model based on FIDO standards.
- Break-glass account — Emergency admin account used only when normal admin access fails.
- OAuth — An authorization framework used by apps to access resources with consent.
- FIDO2 — Open standards for passwordless, phishing-resistant authentication.
- Session hijacking — Abuse of an authenticated session token to impersonate a user.
- Microsoft Intune — Cloud endpoint management for PCs and mobile devices.
- Windows Autopilot — Cloud provisioning for Windows devices.
- MAM — Mobile application management protecting app data.
- Group Policy — Windows policy management traditionally used on-premises.
- Company Portal — End-user app for Intune enrollment and company apps.
- ePHI — Electronic protected health information.
- BAA — Business Associate Agreement under HIPAA.
- HIPAA Security Rule — Federal standards for protecting ePHI.
- Minimum necessary — Limit PHI use and disclosure to what is needed.
- HITECH — Law that strengthened HIPAA enforcement and breach rules.
- Covered entity — Health plan, clearinghouse, or provider under HIPAA.
- MTPD — Maximum tolerable period of disruption.
- Immutable backup — A backup that cannot be changed or deleted for a set period.
- DMARC — Email authentication policy and reporting standard.
- DKIM — Email cryptographic signing standard.
- SPF — Sender Policy Framework for authorized email senders.
- Lookalike domain — A deceptive domain similar to a real brand domain.
- Shadow AI — Unapproved AI tool use by staff.
- Prompt injection — Attacks that manipulate AI system instructions via untrusted input.
- VLAN — Virtual LAN segment on a switch network.
- DNS — Domain Name System.
- DHCP — Dynamic Host Configuration Protocol for automatic IP addressing.
- SSID — Wi-Fi network name.
- TCP/IP — Foundational internet networking protocols.
- SD-WAN — Software-defined wide area networking.