Administrative Contracting Officer
An Administrative Contracting Officer manages a contract after award, handling modifications, cost and schedule oversight, and day-to-day compliance monitoring, while a separate procuring contracting officer typically handles the award itself. An ACO's authority is defined by a written letter of delegation and is limited to the specific functions it grants.
Related terms
Communications Security
COMSECCommunications Security covers the measures, equipment, and procedures used to protect government voice, data, and message traffic from interception, exploitation, or unauthorized disclosure, including encryption, key management, and transmission security. Contractors working with classified or sensitive communications equipment must follow NSA/CNSS COMSEC policy, often including trained custodians and controlled key material.
Contracting Officer
KOThe Contracting Officer is the government official with legal authority to enter into, administer, modify, or terminate a contract on the agency's behalf. Only the KO can bind the government to contractual commitments; direction from any other government employee, including a program manager or COR, does not carry that authority.
Contracting Officer's Representative
CORA Contracting Officer's Representative is appointed in writing by the KO to monitor day-to-day contract performance, inspect deliverables, and serve as the technical point of contact with the contractor. A COR has no authority to change price, scope, or terms; performance concerns get escalated back to the Contracting Officer for a binding decision.
Controlled Unclassified Information
CUIControlled Unclassified Information is unclassified government information that still requires safeguarding or dissemination controls under law, regulation, or agency policy, such as procurement-sensitive data, export-controlled technical data, or personally identifiable information. Contractors handling CUI must follow specific marking, storage, and access rules, and it is a core driver behind CMMC requirements.
Cybersecurity Maturity Model Certification
CMMCThe Cybersecurity Maturity Model Certification is DoD's framework for verifying that contractors handling Federal Contract Information and CUI have adequate cybersecurity controls in place, spanning three levels: Level 1 (basic safeguarding, self-assessed), Level 2 (110 NIST SP 800-171 controls, generally third-party assessed), and Level 3 (added NIST SP 800-172 controls, government-assessed). It is becoming a mandatory condition of award as DoD phases it into solicitations.
