Compliance

POA&MPlan of Action and Milestones

A document identifying security weaknesses, the planned remediation actions, required resources, and scheduled completion dates for achieving full compliance.

Related Terms

NIST SP 800-171

The NIST standard specifying 110 security requirements for protecting CUI in non-federal systems. Forms the basis of CMMC Level 2 and DFARS 252.204-7012 compliance.

SPRS

The Supplier Performance Risk System score (-203 to 110) reflecting a contractor's self-assessed compliance with NIST SP 800-171. Required for DoD contracts involving CUI.

CMMC

A DoD framework requiring defense contractors to meet specific cybersecurity standards before handling federal contract information.

Related Guides

CMMC Compliance Guide→

← Back to Glossary