Acronym study
Terms 121–150 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 121
A Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense that serves as a single identification, authentication, and access credential for military personnel and contractors.
Term 122
Common Criteria is an international standard (ISO 15408) that provides a common framework for evaluating the security features and capabilities of information technology products.
Term 123
Communication Compliance is the set of policies, tools, and practices used by organizations to monitor, capture, and review electronic communications in order to meet regulatory, legal, and internal governance requirements.
Term 124
Compartmented security mode is a multilevel security (MLS) system where subjects are cleared for all sensitivity levels but only have access to specific compartments of information based on their need-to-know.
Term 125
A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.
Term 126
Compliance is the process of ensuring that an organization follows laws, regulations, standards, and internal policies that apply to its operations and data handling.
Term 127
A Compliance Manager is a tool or service that helps organizations assess, monitor, and improve their adherence to regulatory standards, industry frameworks, and internal policies.
Term 128
Compliance state is the current status of a system, application, or device indicating whether it meets a defined set of security policies, regulatory requirements, or configuration standards.
Term 129
Conditional access is a security framework that evaluates signals like user location, device health, and risk level to grant or block access to resources in real time.
Term 130
Confidentiality means keeping sensitive information secret and accessible only to authorized people or systems.
Term 131
The CIA Triad is a foundational security model that ensures data is kept secret, unaltered, and accessible when needed.
Term 132
A configuration backup is a saved copy of a device's settings, such as router interfaces, firewall rules, or switch VLANs, that can be restored if the device fails or is misconfigured.
Term 133
A configuration baseline is a fixed reference point that documents the approved hardware, software, settings, and performance parameters of an IT system or network component at a specific point in time.
Term 134
Configuration drift is the gradual, unplanned change in a system's configuration settings over time, causing it to deviate from its original or desired state.
Term 135
Container Analysis is the process of examining container images and running containers for security vulnerabilities, misconfigurations, and compliance issues before deployment.
Term 136
A container escape is a security exploit where an attacker breaks out of the isolated environment of a container to gain unauthorized access to the host operating system or other containers.
Term 137
Container scanning is the automated process of inspecting container images for known security vulnerabilities, misconfigurations, and compliance issues before they are deployed.
Term 138
Container security is the practice of protecting containerized applications and their underlying infrastructure from threats throughout the entire lifecycle.
Term 139
Containment is the incident response phase where security teams isolate a compromised system or network to prevent the threat from spreading further while preserving evidence.
Term 140
A containment strategy is a set of actions taken during a security incident to stop the threat from spreading or causing further damage while preserving evidence for analysis.
Term 141
The Contributor role is a built-in Azure role that grants full access to manage resources within a scope but does not allow granting access to other users.
Term 142
The control plane is the part of a network that makes decisions about how data should be forwarded, defining routes and policies without actually moving the data itself.
Term 143
A security measure that acts after an incident to limit damage, restore operations, and prevent recurrence.
Term 144
A correlation rule is a set of conditions in a security information and event management (SIEM) system that combines multiple log events from different sources to detect complex threats or patterns that a single event would miss.
Term 145
Cost Explorer is an AWS tool that lets you visualize, understand, and manage your AWS spending and usage over time.
Term 146
Cost Management is the practice of planning, controlling, and optimizing spending on cloud resources to stay within budget and maximize value.
Term 147
A countermeasure is any action, device, procedure, or technique that reduces a threat, vulnerability, or risk to an acceptable level.
Term 148
A covert channel is a hidden communication path that allows data to be transferred in ways that violate a system's security policy, often by using resources not intended for communication.
Term 149
Cross-site request forgery (CSRF) is a web security vulnerability that tricks a user into unknowingly performing actions on a website where they are already authenticated.
Term 150
Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, often to steal data or hijack sessions.