Federal-specific terms used across this suite, translated to the healthcare/commercial PM concepts they're closest to.
- FAR — Federal Acquisition Regulation
- The government's contracting rulebook. Closest to: HIPAA as a compliance framework, but for contracting instead of patient data.
- PWS — Performance Work Statement
- Government-written scope document defining the required work. Closest to: a Project Charter, except the client writes it, not the PM.
- IDIQ — Indefinite Delivery/Indefinite Quantity
- An umbrella contract vehicle with no fixed total value; individual Task Orders are issued against it over time. Closest to: a master services agreement with SOWs issued underneath it.
- Task Order
- A specific, funded work assignment issued under an IDIQ. This program is Task Order 3.
- CDRL — Contract Data Requirements List
- The numbered, contractual list of every required deliverable, due date, and format. Closest to: a deliverables tracker, but each line item carries contractual weight.
- QASP — Quality Assurance Surveillance Plan
- Government's own plan for how it will inspect and accept contractor deliverables.
- IMS — Integrated Master Schedule
- A formally structured master schedule required in federal format. Closest to: your MS Project plan, with stricter formatting conventions.
- COR — Contracting Officer's Representative
- Government's day-to-day technical/program oversight person. Closest to: an empowered client-side sponsor — but with contract authority you don't usually see commercially.
- CO — Contracting Officer
- The only government person legally authorized to bind the contract or approve mods. Closest to: Legal being the only one who can sign a change order, not the business sponsor.
- Section 508
- Federal accessibility compliance requirement for IT systems (screen readers, keyboard navigation, etc.). Closest to: ADA compliance, but IT-specific and federally enforced pre-launch.
- VPAT — Voluntary Product Accessibility Template
- The standard documentation format for reporting Section 508 accessibility conformance.
- ATO — Authority to Operate
- Formal government approval required before a system can go live in production. Closest to: a HIPAA Security Risk Assessment sign-off, but a hard gate — nothing launches without it.
- RMF — Risk Management Framework
- The federal security assessment process that leads to an ATO.
- POA&M — Plan of Action & Milestones
- Tracked remediation plan for any security weaknesses found during ATO assessment.
- Contract Modification (Mod)
- Formal, CO-approved change to a contract's scope, price, or terms. Closest to: change control, but legally binding and CO-signed rather than internally approved.