Authority To Operate, generally granted by a CIO or DAA, is a term describing the granting of approval for an IT system to be used by an agency
Certifications and Accreditations, or C&As, are standardized statements regarding a vendor’s compliance with common contract requirements
Competition in Contracting Act of 1984
Chief Information Security Officer
Contracting Officer, the non-technical government representative charged with administering a contract
Contracting Officer’s Technical Representative, the technical government representative on a government contract, often akin to a project or program manager in the private sector
The Designated Approving Authority/Designated Accrediting Authority/Delegated Accrediting Authority has ultimate responsibility for running a system at a particular level of risk.
(Department of) Defense Information Assurance Certification and Accreditation Process for risk management of information systems. The process by which an ATO is achieved in DoD.
The Federal Acquisition Regulation or FAR is the primary law governing federal procurement in the United States
The Federal Risk and Authorization Management Program is a framework for certifying the security of cloud service providers for government-wide use
The Federal Information Security Management Act lays out a common framework for an agency to evaluate the risk associated with a government IT system
The General Services Administration establishes long-term governmentwide contracts (Schedules) with commercial firms to provide access to millions of commercial products and services at volume discount pricing. See Schedule 70.
Interim Authority/Authorization To Operate is a provisional approval for a system whose deficiencies prevent a formal ATO from being issued.
Procurement Instrument ID. The unique identifier for each contract, agreement or order.
SAM.gov is a centralized registry for vendor information including certifications and accreditations
Schedule 70 of the GSA Schedules is where the General Services Administration lists government-wide information technology contracts it has negotiated with common vendors. Listed offerings can be purchased through a simplified acquisition process.
Section 508 of the US Rehabilitation Act lays out accessibility requirements that all US Government websites must meet
A catalog of security controls published by NIST. Used to describe a system’s security measures in FISMA and FedRAMP approvals.
Secure Technical Implementation Guidelines. These are DISA’s security requirements for running certain kinds of software in the DoD.