command authority (CMDAUTH) (COMSEC)

The command authority is responsible for the appointment of user representatives for a department, agency, or organization and their key and granting of modern (electronic) key ordering privileges for those User Representatives.
Source: CNSSI No. 4005 (COMSEC)

commercial COMSEC evaluation program (CCEP)

Relationship between the National Security Agency (NSA) and industry, in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce an NSA-approved product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.
Source: NSA/CSS Manual Number 3-16 (adapted) (COMSEC)

commercial-off-the-shelf (COTS)

A software and/or hardware product that is commercially ready-made and available for sale, lease, or license to the general public.
Source: NSA/CSS Policy 3-14

commercial solutions for classified (CSfC)

A commercial off-the-shelf (COTS) end-to-end strategy and process in which two or more COTS products can be combined into a solution to protect classified information.
Source: NSA/CSS Policy 3-14 (adapted)

commodity service

An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls.
Source: NIST SP 800-53 Rev 4

common access card (CAC)

Standard identification/smart card issued by the Department of Defense (DoD) that has an embedded integrated chip storing public key infrastructure (PKI) certificates.
Note: As per DoDI 1000.13, the common access card (CAC), a form of DoD ID card, shall serve as the Federal personal identity verification (PIV) card for DoD implementation of Homeland Security Presidential Directive 12.
Source: DoDI 1000.13 (adapted)

common carrier

In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services.
Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions.
Source: NIST SP 800-53 Rev 4

common configuration enumeration (CCE)

A nomenclature and dictionary of software security configurations.
Source: NIST SP 800-126 Rev 2