StateRAMP State Risk and Authorization Management Program
FedRAMP Federal Risk and Authorization Management Program
CSP Cloud Service Providers (includes SaaS, PaaS & IaaS vendors)
SaaS Software as a Service
PaaS Platform as a Service
IaaS Infrastructure as a Service
3PAO Third Party Assessment Organizations
Controls A safeguard or countermeasure prescribed for an information system or an organization
NIST National Institute of Standards and Technology
NIST 800-53 Cyber security framework created for systems containing PII, PHI or PCI
PII Personally identifiable information
PHI Protected Health Information
Payment Card Industry Data Security Standard
AICPA American Institute of Certified Public Accountants
SOC System and Organization Controls
SOC 2 SOC for Service Organizations: Trust Services Criteria
SOC 2 Type 2 SOC 2 Type 2 report:
Report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls
CMMC Cybersecurity Maturity Model Certification
MARS e2.0 Minimum Acceptable Risk Standards for Exchanges, Version 2.0