Glossary

The vocabulary that comes up in education-sector cybersecurity work.

Plain-language definitions. Where a term has a CybrIQ-specific meaning, that is named explicitly.

BYOD Bring Your Own Device: Personal devices (phones, tablets, laptops) brought onto the institution's network. In K-12, often student-owned phones on guest VLANs. In higher education, the dominant device population in residence halls and student commons.
CIPA Children's Internet Protection Act: Federal law requiring K-12 schools and libraries that receive E-Rate funding to implement internet-content filtering. Adjacent to but distinct from device-inventory work.
CIS Controls Center for Internet Security Critical Security Controls: A widely adopted cybersecurity framework. Control 1 ("Inventory and Control of Enterprise Assets") and Control 2 ("Inventory and Control of Software Assets") are the foundation; CybrIQ supports the device-inventory side of Control 1.
COPPA Children's Online Privacy Protection Act: Federal law restricting collection of personal information from children under 13. Applies to operators of online services directed at or knowingly used by under-13 children. CybrIQ does not collect personal information about students at any age.
CMMC Cybersecurity Maturity Model Certification: DoD contractor cybersecurity certification framework. Levels 2 and 3 increasingly apply to university research programs handling Controlled Unclassified Information from defense contracts.
Device DNA™: CybrIQ's term for the Layer-1 fingerprint produced from link negotiation, MAC OUI, LLDP/CDP advertisements, port statistics, and VLAN context. The fingerprint is matched against a 750-million-device reference library to produce a vendor and model identification.
EDR Endpoint Detection and Response: Software that runs on a managed endpoint to detect and respond to malicious behavior. CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, and others. CybrIQ does not perform EDR; we identify endpoints, EDR products inspect their behavior.
E-Rate: The federal program (administered by USAC) that subsidizes telecommunications, internet access, and internal network connections for K-12 schools and libraries. Category 2 covers internal network equipment. Inventory documentation supports the post-installation evidence requirements.
ESE External Scan Engine: The customer-installed component of CybrIQ that reads each managed switch via SNMP. Runs on a small Linux VM inside the institution's network. Communicates outbound only, over SSL, to the main CybrIQ instance.
FERPA Family Educational Rights and Privacy Act: Federal law (20 U.S.C. § 1232g) protecting education records of students at federally-funded educational institutions. CybrIQ does not see, store, or transmit education records. Our scope is the network layer underneath the systems that hold those records. See the FERPA article for the detailed analysis.
FISMA Federal Information Security Modernization Act: Federal law requiring federal agencies and their contractors to implement information security programs. Applies to higher-education institutions with federal contracts and to K-12 districts handling certain federal data.
K12 SIX K-12 Security Information eXchange: Non-profit information-sharing organization for K-12 cybersecurity. Publishes the Essentials Series, a baseline of cybersecurity practices recommended for all districts. The first essential ("maintain an accurate inventory") aligns directly with what CybrIQ produces.
LLDP Link Layer Discovery Protocol: Vendor-neutral protocol that allows network devices to advertise their identity to immediate neighbors. CybrIQ reads LLDP advertisements to enrich device identification. CDP (Cisco's older proprietary equivalent) is also supported.
MAC OUI Organizationally Unique Identifier: The first three bytes of a MAC address, assigned by the IEEE to identify the device's manufacturer. CybrIQ resolves OUIs against the IEEE registry plus our own enriched manufacturer database (covering OEM relabeling and named-subsidiary mapping).
MDM Mobile Device Management: Software that configures and manages enrolled devices. In K-12: Google Admin (chromebooks), Jamf or Mosyle (iPads, MacBooks), Microsoft Intune. In higher education: similar products plus departmental variations. CybrIQ tells you what is on the network; the MDM tells you about devices it has enrolled. The two see different populations.
NAC Network Access Control: Software that enforces policy when a device authenticates onto the network. Cisco ISE, Forescout, Aruba ClearPass. CybrIQ feeds device identity into the NAC's policy decision; we do not enforce policy ourselves.
NDAA Section 889: Section 889 of the FY2019 National Defense Authorization Act, prohibiting federal agencies and federally-funded research from procuring certain Chinese-made telecommunications and surveillance equipment (Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and named subsidiaries). CybrIQ identifies covered-entity hardware on the network for federal-grant attestation work.
NIST SP 800-171: NIST publication defining security requirements for protecting Controlled Unclassified Information (CUI) on non-federal systems. Required for institutions handling CUI from federal contracts. The asset-management controls (3.4 family) explicitly require an accurate, current device inventory.
PII Personally Identifiable Information: Information that identifies a specific individual. CybrIQ does not collect PII about students, faculty, or staff. We see the device, not the person using it.
SIEM Security Information and Event Management: Software that collects and correlates security events from across the institution's systems. Splunk, Microsoft Sentinel, QRadar, Elastic, LogRhythm. CybrIQ feeds device-identity events into the SIEM; the SIEM does the cross-event correlation.
SIS Student Information System: The system that holds student records: enrollments, grades, attendance, demographics. PowerSchool, Infinite Campus, Skyward, Banner, PeopleSoft, Workday Student. CybrIQ does not connect to the SIS; the SIS holds FERPA-protected data, our scope is below.
SNMP Simple Network Management Protocol: The standard protocol for reading state from managed network switches. CybrIQ uses SNMP v3 with read-only permissions; v2c is supported where the customer's network requires it.
SOC 2: An audit framework defined by the AICPA, focused on security, availability, processing integrity, confidentiality, and privacy. Type II audits cover a multi-month observation period. Increasingly required by higher-education institutions of vendors handling institutional data.
VLAN Virtual Local Area Network: A logical subdivision of a physical network. Common in education for separating student traffic from staff traffic, or for isolating IoT and building-automation devices. CybrIQ reports the VLAN context for every identified device.