Government Glossary

A glossary of common government IT and procurement terms, abbreviations and acronyms

ATO

Authority To Operate, generally granted by a CIO or DAA, is a term describing the granting of approval for an IT system to be used by an agency

C&A’s

Certifications and Accreditations or C&A’s are standardized statements regarding a vendor’s compliance with common contract requirements

CICA

Competition in Contracting Act of 1984

CISO

Chief Information Security Officer

CO

Contracting Officer, the non-technical government representative charged with administering a contract

COTR

Contracting Officer’s Technical Representative, the technical government representative on a government contract, often akin to a project or program manager in the private sector

DAA

The Designated Approving Authority/Designated Accrediting Authority/Delegated Accrediting Authority has ultimate responsibility for running a system at a particular level of risk.

DIACAP

(Department of) Defense Information Assurance Certification and Accreditation Process for risk management of information systems. The process by which an ATO is achieved in DoD.

FAR

The Federal Acquisition Regulation or FAR is the primary law governing federal procurement in the United States

FedRAMP

The Federal Risk and Authorization Management Program is a framework for certifying the security of cloud service providers for government-wide use

FISMA

The Federal Information Security Management Act lays out a common framework for an agency to evaluate the risk associated with a government IT system

GSA Schedules

The General Services Administration establishes long-term governmentwide contracts (Schedules) with commercial firms to provide access to millions of commercial products and services at volume discount pricing. See Schedule 70.

IATO

Interim Authority/Authorization To Operate is a provisional approval for a system whose deficiencies prevent a formal ATO from being issued.

PIID

Procurement Instrument ID. The unique identifier for each contract, agreement or order.

SAM.gov

SAM.gov is a centralized registry for vendor information, including certifications and accreditations

Schedule 70

Schedule 70 of the GSA Schedules is where the General Services Administration lists government-wide information technology contracts it has negotiated with common vendors. Listed offerings can be purchased through a simplified acquisition process.

Section 508

Section 508 of the US Rehabilitation Act lays out accessibility requirements all US Government websites must meet

SP 800-53

A catalog of security controls published by NIST. Used to describe a system’s security measures in FISMA and FedRAMP approvals.

STIG

Secure Technical Implementation Guidelines. These are DISA’s security requirements for running certain kinds of software in the DoD.