This comprehensive glossary explains the cybersecurity and compliance terminology used throughout our policies, frameworks, and training materials. Understanding these terms is crucial for implementing effective security measures and meeting regulatory requirements in the logistics and transportation industry.

Regulatory Frameworks

NIST SP 800-171

A set of standards published by the National Institute of Standards and Technology for safeguarding Controlled Unclassified Information (CUI) in non-federal information systems. It includes 14 control families with 110 security requirements that contractors must implement.

CMMC

The Cybersecurity Maturity Model Certification is a unified standard for implementing cybersecurity across the Defense Industrial Base (DIB). It combines various cybersecurity standards into a tiered certification framework required for DoD contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

CTPAT

Customs Trade Partnership Against Terrorism. A voluntary supply chain security program led by U.S. Customs and Border Protection focused on improving the security of private companies' supply chains with respect to terrorism. Includes specific cybersecurity requirements for members.

FMCSA

Federal Motor Carrier Safety Administration. A U.S. Department of Transportation agency that regulates the trucking industry. While traditionally focused on safety, FMCSA has issued cybersecurity guidance specific to electronic logging devices, fleet management systems, and transportation operations.

SPRS

Supplier Performance Risk System. The DoD database used by contractors to report their NIST SP 800-171 assessment scores. A requirement for organizations that handle Controlled Unclassified Information (CUI) in the defense supply chain.

Security Concepts & Controls

MFA

Multi-factor authentication. A security method that requires two or more independent forms of verification to access a system, drawn from different categories: something you know (a password), something you have (a code from an authenticator app), and something you are (a biometric). Required by most regulatory frameworks.

Remote Access

Technology that allows authorized users to securely connect to company systems from outside locations. Includes VPNs, virtual desktops, and cloud application portals. Requires special security controls in regulated environments, particularly for transportation and logistics systems.

Zero Trust

A security model that assumes no user or device should be automatically trusted, whether inside or outside the network perimeter. Requires continuous verification for access to resources, minimizing lateral movement opportunities within systems, and implementing least privilege access.

Log Review

The systematic examination of system activity records to identify anomalies, unauthorized access attempts, or suspicious events. A critical compliance requirement that documents who accessed what systems, when, and what actions they performed.

Audit Log

Chronological records of system activities that help reconstruct event sequences for security investigations, compliance verification, and troubleshooting. Must be protected from unauthorized alteration and retained according to regulatory requirements.

Data Classification

The process of categorizing organizational data based on sensitivity levels and handling requirements. Common categories include Public, Internal, Confidential, and Regulated. Each level requires specific security controls, particularly for transportation data involving shippers, routes, and cargo details.

Policy Acknowledgment

The documented confirmation that staff have read, understood, and agreed to follow organizational security policies. Typically required annually and during onboarding. Critical for compliance evidence during audits and assessments.

Security Processes & Practices

Phishing

Fraudulent communications that appear to come from reputable sources, designed to steal credentials, install malware, or trick users into unauthorized actions. In transportation, often targets logistics portals, load boards, and dispatch systems with specialized lures.

Endpoint

Any device connected to a network, such as laptops, mobile phones, tablets, electronic logging devices (ELDs), and vehicle telematics systems. Endpoints represent common entry points for cyberattacks and require specific protection measures like encryption, access controls, and security software.

Hardening

The systematic process of securing a system by reducing vulnerabilities, eliminating unnecessary services, and configuring security options. Includes removing default accounts, closing unused ports, implementing password policies, and enabling security features in systems like TMS, WMS, and ELD platforms.

Security Awareness Training

Educational programs designed to teach employees about cybersecurity threats, safe practices, and organizational policies. Must be role-specific and documented to meet compliance requirements. Typically includes phishing simulations, policy reviews, and scenario-based learning tailored to transportation operations.

Incident Response

A structured approach to addressing and managing security breaches, from identification and containment to eradication, recovery, and lessons learned. Must be documented and tested regularly. For logistics operations, should address unique scenarios like cargo theft, ELD tampering, and dispatch system compromise.

Transportation & Logistics Compliance Insight

Multi-factor authentication (MFA) is now required for Transportation Management Systems (TMS), dispatch applications, and fleet portals under most regulatory frameworks. The most common compliance violations in logistics operations stem from inadequate or missing audit logs, weak credential management, and insufficient documentation of security training.

To avoid these issues, implement systematic tracking of policy acknowledgments, maintain comprehensive training records, and conduct regular reviews of access privileges across all operational systems. Pay special attention to mobile device security policies for drivers and field personnel.