Identity and Access Management
The framework of policies and technology that governs who can access which systems and data, and what they're allowed to do once they're in. In GovCon, IAM underpins zero trust architecture and is a core control family assessed under FedRAMP, CMMC, and RMF authorizations, covering provisioning, authentication, role-based permissions, and access revocation.
Related terms
Administrative Contracting Officer
ACOAn Administrative Contracting Officer manages a contract after award, handling modifications, cost and schedule oversight, and day-to-day compliance monitoring, while a separate procuring contracting officer typically handles the award itself. An ACO's authority is defined by a written letter of delegation and is limited to the specific functions it grants.
Communications Security
COMSECCommunications Security covers the measures, equipment, and procedures used to protect government voice, data, and message traffic from interception, exploitation, or unauthorized disclosure, including encryption, key management, and transmission security. Contractors working with classified or sensitive communications equipment must follow NSA/CNSS COMSEC policy, often including trained custodians and controlled key material.
Contracting Officer
KOThe Contracting Officer is the government official with legal authority to enter into, administer, modify, or terminate a contract on the agency's behalf. Only the KO can bind the government to contractual commitments; direction from any other government employee, including a program manager or COR, does not carry that authority.
Contracting Officer's Representative
CORA Contracting Officer's Representative is appointed in writing by the KO to monitor day-to-day contract performance, inspect deliverables, and serve as the technical point of contact with the contractor. A COR has no authority to change price, scope, or terms; performance concerns get escalated back to the Contracting Officer for a binding decision.
Controlled Unclassified Information
CUIControlled Unclassified Information is unclassified government information that still requires safeguarding or dissemination controls under law, regulation, or agency policy, such as procurement-sensitive data, export-controlled technical data, or personally identifiable information. Contractors handling CUI must follow specific marking, storage, and access rules, and it is a core driver behind CMMC requirements.
