Glossary

Official government approval allowing an information system to operate within a defined environment, based on accepted risk.

A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, used for threat modeling and detection engineering.

The internal security team responsible for defending an organization's systems, networks, and data against cyber threats and attack simulations.

A DoD framework requiring defense contractors to meet specific cybersecurity standards before being awarded federal contracts.

Commercially available hardware or software that can be purchased and deployed without custom development, enabling faster deployment and easier maintenance.

U.S. military teams trained to defend DoD networks, conduct vulnerability assessments, and respond to cyber incidents on priority systems.

A MITRE framework that maps defensive cybersecurity techniques to known attack patterns, complementing ATT&CK for blue team operations.

A database is an organized collection of data that can be easily accessed, managed, and updated. It is used to store information in a structured way, allowing for efficient retrieval and manipulation of data.

The integration of security practices into every phase of the software development lifecycle, ensuring code is secure, compliant, and production-ready by default.

The system that translates domain names into IP addresses.

A programming interface for web documents.

Security technology that continuously monitors endpoints to detect, investigate, and respond to advanced threats in real time.

A U.S. government program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Client-side development focused on what users see and interact with.

The process of receiving, packaging, and shipping orders for goods.

A developer proficient in both front-end and back-end development.

The essential literacy and numeracy skills that apprentices need to succeed in their chosen field (reading, writing, comprehension, computer skills, among others).

A network node that connects two different networks and allows data to flow between them.

Specialized systems used to monitor and control physical infrastructure and industrial processes, increasingly targeted by sophisticated cyber threats.

A structured methodology for detecting, containing, and recovering from security breaches to minimize damage and restore normal operations quickly.

The average time required to detect and contain a security incident — a key KPI for measuring SOC efficiency and operational maturity.

A catalog of security and privacy controls published by NIST for federal information systems, widely used as a compliance baseline for government and enterprise environments.

Hardware and software that monitors and controls physical devices, processes, and events in industrial and critical infrastructure environments.

A simulated cyberattack conducted by authorized professionals to identify vulnerabilities in systems, networks, and applications before real attackers do.

An independent group that simulates real-world adversary tactics to test and improve an organization's detection and response capabilities.

A structured NIST process for integrating security, privacy, and cyber supply chain risk management into the system development lifecycle.

A platform that aggregates and analyzes security data from across an organization's environment to detect threats and generate alerts in real time.

Technology that automates security workflows, orchestrates tools, and accelerates incident response — transforming manual SOC tasks into intelligent, repeatable processes.

Technology that automates security workflows, orchestrates tools, and accelerates incident response — transforming manual SOC tasks into intelligent, repeatable processes.

A proactive security practice where analysts actively search for hidden threats and adversaries within an organization's environment before alerts are triggered.

The behavior patterns and methods used by threat actors to plan and execute cyberattacks, used to build threat-informed defenses.

Automated identification and analysis of security weaknesses in systems, networks, and applications to prioritize remediation efforts.

A security model based on the principle of never trust always verify — requiring continuous authentication and authorization for every user device and connection regardless of location.