Download this free CMMC 2.0 Glossary to quickly understand the terms used in CMMC readiness, NIST 800-171 documentation, SSP writing, POA&M tracking, evidence collection, and CUI/FCI compliance work.

This glossary is designed for DoD contractors, subcontractors, SMBs, consultants, GRC teams, IT teams, and security professionals who need a practical reference without sorting through confusing terminology.

Inside, you’ll find plain-English definitions for common CMMC and audit-readiness terms, including CUI, FCI, SSP, POA&M, SPRS, DFARS, assessment boundary, objective evidence, control families, access control, MFA, logging, incident response, risk acceptance, supplier flow-down, and more.

Use it while drafting policies, preparing evidence, organizing your compliance program, or training team members on CMMC language.

Want to go further? Pair this free glossary with the CMMC 2.0 Audit Readiness Checklist Package or upgrade to the Full CMMC 2.0 Document Template Package, which includes SSP, POA&M, policies, SOPs, registers, evidence tools, diagrams, and assessment workbooks.

Important: This glossary is for informational purposes only, is not legal advice, does not guarantee compliance, and is not affiliated with or endorsed by DoD, NIST, Cyber AB, or the CMMC program.