Reference

GovCon Glossary

Plain-English definitions for the acronyms and terms capture, proposal, and BD teams run into every day.

26 terms

C

Communications Security

COMSEC
Security

Communications Security covers the measures, equipment, and procedures used to protect government voice, data, and message traffic from interception, exploitation, or unauthorized disclosure, including encryption, key management, and transmission security. Contractors working with classified or sensitive communications equipment must follow NSA/CNSS COMSEC policy, often including trained custodians and controlled key material.

Contracting Officer

KO
Security

The Contracting Officer is the government official with legal authority to enter into, administer, modify, or terminate a contract on the agency's behalf. Only the KO can bind the government to contractual commitments; direction from any other government employee, including a program manager or COR, does not carry that authority.

Contracting Officer's Representative

COR
Security

A Contracting Officer's Representative is appointed in writing by the KO to monitor day-to-day contract performance, inspect deliverables, and serve as the technical point of contact with the contractor. A COR has no authority to change price, scope, or terms; performance concerns get escalated back to the Contracting Officer for a binding decision.

Controlled Unclassified Information

CUI
Security

Controlled Unclassified Information is unclassified government information that still requires safeguarding or dissemination controls under law, regulation, or agency policy, such as procurement-sensitive data, export-controlled technical data, or personally identifiable information. Contractors handling CUI must follow specific marking, storage, and access rules, and it is a core driver behind CMMC requirements.

Cybersecurity Maturity Model Certification

CMMC
Security

The Cybersecurity Maturity Model Certification is DoD's framework for verifying that contractors handling Federal Contract Information and CUI have adequate cybersecurity controls in place, spanning three levels: Level 1 (basic safeguarding, self-assessed), Level 2 (110 NIST SP 800-171 controls, generally third-party assessed), and Level 3 (added NIST SP 800-172 controls, government-assessed). It is becoming a mandatory condition of award as DoD phases it into solicitations.

Ready to win more?

Ready to connect your pursuit work?

GovEagle gives BD directors, capture managers, and proposal teams one AI workspace from pipeline through proposal, with CMMC/FedRAMP Moderate compliance built in.