Security

GCC High

GCC High is Microsoft's Government Community Cloud High environment, a segregated Microsoft 365 tenant hosted in the continental U.S. and administered only by screened U.S. persons, built to satisfy DFARS 252.204-7012, ITAR/EAR, and CMMC Level 2/3 requirements. Contractors handling CUI or export-controlled technical data on DoD work typically need GCC High rather than a commercial or standard GCC tenant.

Related terms

Administrative Contracting Officer

ACO

An Administrative Contracting Officer manages a contract after award, handling modifications, cost and schedule oversight, and day-to-day compliance monitoring, while a separate procuring contracting officer typically handles the award itself. An ACO's authority is defined by a written letter of delegation and is limited to the specific functions it grants.

Communications Security

COMSEC

Communications Security covers the measures, equipment, and procedures used to protect government voice, data, and message traffic from interception, exploitation, or unauthorized disclosure, including encryption, key management, and transmission security. Contractors working with classified or sensitive communications equipment must follow NSA/CNSS COMSEC policy, often including trained custodians and controlled key material.

Contracting Officer

KO

The Contracting Officer is the government official with legal authority to enter into, administer, modify, or terminate a contract on the agency's behalf. Only the KO can bind the government to contractual commitments; direction from any other government employee, including a program manager or COR, does not carry that authority.

Contracting Officer's Representative

COR

A Contracting Officer's Representative is appointed in writing by the KO to monitor day-to-day contract performance, inspect deliverables, and serve as the technical point of contact with the contractor. A COR has no authority to change price, scope, or terms; performance concerns get escalated back to the Contracting Officer for a binding decision.

Controlled Unclassified Information

CUI

Controlled Unclassified Information is unclassified government information that still requires safeguarding or dissemination controls under law, regulation, or agency policy, such as procurement-sensitive data, export-controlled technical data, or personally identifiable information. Contractors handling CUI must follow specific marking, storage, and access rules, and it is a core driver behind CMMC requirements.

Ready to win more?

Ready to connect your pursuit work?

GovEagle gives BD directors, capture managers, and proposal teams one AI workspace from pipeline through proposal, with CMMC/FedRAMP Moderate compliance built in.