Skip to content

Latest commit

 

History

History
681 lines (460 loc) · 44.6 KB

Security Gloassary.md

File metadata and controls

681 lines (460 loc) · 44.6 KB

A list of Key Information Security Terms for Software and Hardware. Sources: NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).

A

Access – Ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. SOURCE: CNSSI-4009

Access Authority – An entity responsible for monitoring and granting access privileges for other authorized entities. SOURCE: CNSSI-4009

Access Control – The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances). SOURCE: FIPS 201; CNSSI-4009

Access Control List (ACL) –

    1. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
    1. A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity. SOURCE: CNSSI-4009

Access Control Lists (ACLs) – A register of:

    1. users (including groups, machines, processes) who have been given permission to use a particular system resource, and
    1. the types of access they have been permitted. SOURCE: SP 800-12

Access Control Mechanism – Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system. SOURCE: CNSSI-4009

Access Level – A category within a given security classification limiting entry or system connectivity to only authorized persons. SOURCE: CNSSI-4009

Access List – Roster of individuals authorized admittance to a controlled area. SOURCE: CNSSI-4009

Access Point – A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is typically an organization’s enterprise wired network. SOURCE: SP 800-48; SP 800-121

Access Profile – Association of a user with a list of protected objects the user may access. SOURCE: CNSSI-4009

Access Type – Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. SOURCE: CNSSI-4009

Activation Data – Private data, other than keys, that are required to access cryptographic modules. SOURCE: SP 800-32

Active Attack – An attack that alters a system or data. SOURCE: CNSSI-4009

Active Content – Software in various forms that is able to automatically carry out or trigger actions on a computer platform without the intervention of a user. SOURCE: CNSSI-4009

Active Security Testing – Security testing that involves direct interaction with a target, such as sending packets to a target. SOURCE: SP 800-115

Advanced Encryption Standard – (AES) The Advanced Encryption Standard specifies a U.S. government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. SOURCE: FIPS 197

B

Blacklisting – The process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources. SOURCE: CNSSI-4009

Blue Team –

    1. The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).
    1. The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often times a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems. SOURCE: CNSSI-4009

Body of Evidence (BoE) – The set of data that documents the information system’s adherence to the security controls applied. The BoE will include a Requirements Verification Traceability Matrix (RVTM) delineating where the selected security controls are met and evidence to that fact can be found. The BoE content required by an Authorizing Official will be adjusted according to the impact levels selected. SOURCE: CNSSI-4009

Boundary – Physical or logical perimeter of a system. SOURCE: CNSSI-4009

C

Capstone Policies – Those policies that are developed by governing or coordinating institutions of Health Information Exchanges (HIEs). They provide overall requirements and guidance for protecting health information within those HIEs. Capstone Policies must address the requirements imposed by: (1) all laws, regulations, and guidelines at the federal, state, and local levels; (2) business needs; and (3) policies at the institutional and HIE levels. SOURCE: NISTIR-7497

Capture – The method of taking a biometric sample from an end user. Source: FIPS 201

Certificate Management – Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. SOURCE: CNSSI-4009

Certificate Management Authority – A Certification Authority (CA) or a Registration Authority (RA). SOURCE: SP 800-32

Certificate Policy (CP) – A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications. SOURCE: CNSSI-4009; SP 800-32

Certification Practice Statement – A statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services). SOURCE: SP 800-32; CNSSI-4009

Certification Test and Evaluation – Software and hardware security tests conducted during development of an information system. SOURCE: CNSSI-4009

Checksum – Value computed on data to detect error or manipulation. SOURCE: CNSSI-4009

Cloud Computing - A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service Provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models SOURCE(s): NISTIR 8006 under Cloud computing from NIST SP 800-145 - Adapted

Cryptographic Initialization – Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. SOURCE: CNSSI-4009

Cryptographic Key – A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. SOURCE: SP 800-63

D

Data – A subset of information in an electronic format that allows it to be retrieved or transmitted. SOURCE: CNSSI-4009

Data Aggregation – Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, or of beneficial use to an adversary. SOURCE: CNSSI-4009

Data Origin Authentication – The process of verifying that the source of the data is as claimed and that the data has not been modified. SOURCE: CNSSI-4009

Data Security – Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. SOURCE: CNSSI-4009

Data Transfer Device (DTD) – Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems. SOURCE: CNSSI-4009

Denial of Service (DoS) – The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) SOURCE: CNSSI-4009

Differential Power Analysis – An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm. SOURCE: FIPS 140-2

Digital Evidence – Electronic information stored or transferred in digital form. SOURCE: SP 800-72

Digital Forensics – The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. SOURCE: SP 800-86

Digital Signature – An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. SOURCE: SP 800-63

Disaster Recovery Plan (DRP) – A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. SOURCE: SP 800-34

E

Embedded Cryptographic System – Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem. SOURCE: CNSSI-4009

Embedded Cryptography - Cryptography engineered into an equipment or system whose basic function is not cryptographic. SOURCE: CNSSI-4009

Encipher – Convert plain text to cipher text by means of a cryptographic system. SOURCE: CNSSI-4009

Encode – Convert plain text to cipher text by means of a code. SOURCE: CNSSI-4009

Encrypt – Generic term encompassing encipher and encode. SOURCE: CNSSI-4009

Encrypted Key – A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key. SOURCE: FIPS 140-2

Encrypted Network – A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties. SOURCE: SP 800-32

Encryption – Conversion of plaintext to ciphertext through the use of a cryptographic algorithm. SOURCE: FIPS 185

End-to-End Encryption – Encryption of information at its origin and decryption at its intended destination without intermediate decryption. SOURCE: CNSSI-4009

End-to-End Security – Safeguarding information in an information system from point of origin to point of destination. SOURCE: CNSSI-4009

F

Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure, cloud solutions.

Federal Information Security Management Act (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural and manmade threats. This risk management framework was signed into law as part of the Electronic Government Act of 2002. Since 2002, FISMA's scope has widened to apply to state agencies that administer federal programs, or private businesses and service providers that hold a contract with the U.S. government.

False Positive – An alert that incorrectly indicates that malicious activity is occurring. SOURCE: SP 800-61

False Rejection – In biometrics, the instance of a security system failing to verify or identify an authorized person. It does not necessarily indicate a flaw in the biometric system; for example, in a fingerprint-based system, an incorrectly aligned finger on the scanner or dirt on the scanner can result in the scanner misreading the fingerprint, causing a false rejection of the authorized user. SOURCE: CNSSI-4009

Federal Information Processing Standard (FIPS) – A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability. SOURCE: FIPS 201

File Encryption – The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. SOURCE: SP 800-111

File Name Anomaly –

    1. A mismatch between the internal file header and its external extension.
    1. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension. SOURCE: SP 800-72

File Protection – Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. SOURCE: CNSSI-4009

File Security – Means by which access to computer files is limited to authorized users only. SOURCE: CNSSI-4009

Firewall – A gateway that limits access between networks in accordance with local security policy. SOURCE: SP 800-32

Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. SOURCE: CNSSI-4009

G

Gateway – Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures. SOURCE: CNSSI-4009

H

Handshaking Procedures – Dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another. SOURCE: CNSSI-4009

Hard Copy Key – Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM). SOURCE: CNSSI-4009

Hardening – Configuring a host’s operating systems and applications to reduce the host’s security weaknesses. SOURCE: SP 800-123

Hardware – The physical components of an information system. SOURCE: CNSSI-4009

High Availability – A failover feature to ensure availability during device or component interruptions. SOURCE: SP 800-113

I

Identification – The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. SOURCE: SP 800-47

Identifier – Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers. SOURCE: FIPS 201

Identity – A set of attributes that uniquely describe a person within a given context. SOURCE: SP 800-63

Identity – The set of physical and behavioral characteristics by which an individual is uniquely recognizable. SOURCE: FIPS 201

Identity Token – Smart card, metal key, or other physical object used to authenticate identity. SOURCE: CNSSI-4009

Identity Validation – Tests enabling an information system to authenticate users or resources. SOURCE: CNSSI-4009

Incident – A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. SOURCE: SP 800-61

Intellectual Property – Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered. SOURCE: CNSSI-4009

Internet Protocol (IP) – Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. SOURCE: CNSSI-4009

Intranet – A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency). SOURCE: CNSSI-4009

Intrusion – Unauthorized act of bypassing the security mechanisms of a system. SOURCE: CNSSI-4009

Intrusion Detection Systems (IDS) – Hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations.) SOURCE: CNSSI-4009

J

Jamming – An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable. SOURCE: SP 800-48

K

Kerberos – A means of verifying the identities of principals on an open network. It accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network. SOURCE: SP 800-95

Key – A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. SOURCE: SP 800-63

Key Logger – A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures. SOURCE: SP 800-82

L

Least Privilege – The security objective of granting users only those accesses they need to perform their official duties. SOURCE: SP 800-12

Level of Protection – Extent to which protective measures, techniques, and procedures must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are:

    1. Basic: information systems and networks requiring implementation of standard minimum security countermeasures.
    1. Medium: information systems and networks requiring layering of additional safeguards above the standard minimum security countermeasures.
    1. High: information systems and networks requiring the most stringent protection and rigorous security countermeasures. SOURCE: CNSSI-4009

Likelihood of Occurrence – In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability. SOURCE: CNSSI-4009

M

Malicious Code – Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code. SOURCE: SP 800-53; CNSSI-4009

Malware – A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim. SOURCE: SP 800-83

Man-in-the-middle Attack (MitM) – A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association. SOURCE: CNSSI-4009

Mandatory Access Control (MAC) – A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. SOURCE: SP 800-44

Mandatory Access Control – Access controls (which) are driven by the results of a comparison between the user’s trust level or clearance and the sensitivity designation of the information. SOURCE: FIPS 191

Masquerading –When an unauthorized agent claims the identity of another agent, it is said to be masquerading. SOURCE: SP 800-19

Multilevel Security (MLS) – A concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization. SOURCE: CNSSI-4009

N

Needs Assessment (IT Security Awareness and Training) – A process that can be used to determine an organization’s awareness and training needs. The results of a needs assessment can provide justification to convince management to allocate adequate resources to meet the identified awareness and training needs. SOURCE: SP 800-50

Network – Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices. SOURCE: SP 800-53; CNSSI-4009

Network Access – Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). SOURCE: SP 800-53; CNSSI-4009

Network Access Control (NAC) – A feature provided by some firewalls that allows access based on a user’s credentials and the results of health checks performed on the telework client device. SOURCE: SP 800-41

Network Address Translation (NAT) – A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema. SOURCE: SP 800-41

O

Object Identifier – A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported. SOURCE: SP 800-32

Open Storage – Any storage of classified national security information outside of approved containers. This includes classified information that is resident on information systems media and outside of an approved storage container, regardless of whether or not that media is in use (i.e., unattended operations). SOURCE: CNSSI-4009

Operating System (OS) Fingerprinting – Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target. SOURCE: SP 800-115

Operations Code – Code composed largely of words and phrases suitable for general communications use. SOURCE: CNSSI-4009

Organization – A federal agency, or, as appropriate, any of its operational elements. SOURCE: FIPS 200

Overwrite Procedure – A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns. SOURCE: CNSSI-4009

P

Packet Filter – A routing device that provides access control functionality for host addresses and communication sessions. SOURCE: SP 800-41

Packet Sniffer – Software that observes and records network traffic. SOURCE: CNSSI-4009

Password – A protected character string used to authenticate the identity of a computer system user or to authorize access to system resources. SOURCE: FIPS 181

Password Cracking – The process of recovering secret passwords stored in a computer system or transmitted over a network. SOURCE: SP 800-115

Password Protected – The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered. SOURCE: SP 800-72

Patch – An update to an operating system, application, or other software issued specifically to correct particular problems with the software. SOURCE: SP 800-123

Payload – The input data to the CCM generation-encryption process that is both authenticated and encrypted. SOURCE: SP 800-38C

Penetration Testing – A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system. SOURCE: SP 800-53A

Personal Identification Number (PIN) – A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits. SOURCE: FIPS 201

Phishing - A digital form of social engineering that uses authentic looking but bogus emails to request information from users or direct them to a fake Web site that requests information. SOURCE: SP 800-115

Plaintext – Data input to the Cipher or output from the Inverse Cipher. SOURCE: FIPS 197

Policy Mapping – Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain. SOURCE: SP 800-15

Port – A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire). SOURCE: FIPS 140-2

Port Scanning – Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports). SOURCE: CNSSI-4009

Portal – A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface. SOURCE: SP 800-46

Privilege – A right granted to an individual, a program, or a process. SOURCE: CNSSI-4009

Privileged Accounts – Individuals who have access to set “access rights” for users on a given system. Sometimes referred to as system or network administrative accounts. SOURCE: SP 800-12

Probe – A technique that attempts to access a system to learn something about the system. SOURCE: CNSSI-4009

Profiling – Measuring the characteristics of expected activity so that changes to it can be more easily identified. SOURCE: SP 800-61; CNSSI-4009

Protocol – Set of rules and formats, semantic and syntactic, permitting information systems to exchange information. SOURCE: CNSSI-4009

Protocol Data Unit – A unit of data specified in a protocol and consisting of protocol information and, possibly, user data. SOURCE: FIPS 188

Protocol Entity – Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities. SOURCE: FIPS 188

Proxy – A proxy is an application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. This effectively closes the straight path between the internal and external networks making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. SOURCE: SP 800-44

Proxy Server – A server that services the requests of its clients by forwarding those requests to other servers. SOURCE: CNSSI-4009

Public Domain Software – Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to the creator. SOURCE: CNSSI-4009

Public Key - A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and which may be made public; it is used to verify a digital signature; this key is mathematically linked with a corresponding private key. SOURCE: FIPS 196

Q

Qualitative Assessment – Use of a set of methods, principles, or rules for assessing risk based on nonnumeric categories or levels. SOURCE: SP 800-30

Quality of Service – The measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a Service-Level Agreement between a user and a service provider, so as to satisfy specific customer application requirements. Note: These properties may include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, packet jitter, etc. SOURCE: CNSSI-4009

Quantitative Assessment – Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment. SOURCE: SP 800-30

Quarantine – Store files containing malware in isolation for future disinfection or examination. SOURCE: SP 800-69

R

Radio Frequency Identification (RFID) – A form of automatic identification and data capture (AIDC) that uses electric or magnetic fields at radio frequencies to transmit information. SOURCE: SP 800-98

Read – Fundamental operation in an information system that results only in the flow of information from an object to a subject. SOURCE: CNSSI-4009

Read Access – Permission to read information in an information system. SOURCE: CNSSI-4009

Real-Time Reaction – Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access. SOURCE: CNSSI-4009

Red Team – A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. SOURCE: CNSSI-4009

Red Team Exercise – An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization. SOURCE: SP 800-53

Remote Access – Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet). SOURCE: SP 800-53

Repository – A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory. SOURCE: SP 800-32

Risk Assessment – The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. SOURCE: SP 800-53; SP 800-53A; SP 800-37

Risk Assessment Methodology – A risk assessment process, together with a risk model, assessment approach, and analysis approach. SOURCE: SP 800-30

Risk Assessment Report – The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk. SOURCE: SP 800-30

Root Certification Authority – In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain. SOURCE: SP 800-32; CNSSI-4009

Rootkit – A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means. SOURCE: CNSSI-4009

S Safeguards – Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures. SOURCE: SP 800-53; SP 800-37; FIPS 200; CNSSI-4009

Sandboxing- A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized. SOURCE: CNSSI-4009

Scanning – Sending packets or requests to another system to gain information to be used in a subsequent attack. SOURCE: CNSSI-4009

Secure Socket Layer (SSL) – A protocol used for protecting private information during transmission via the Internet.

  • Note: SSL works by using a public key to encrypt data that's transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.” SOURCE: CNSSI-4009

Security Content Automation Protocol (SCAP) – A method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements. SOURCE: CNSSI-4009

Signature – A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system. SOURCE: SP 800-61

Signature Certificate – A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions. SOURCE: SP 800-32; CNSSI-4009

Smart Card – A credit card-sized card with embedded integrated circuits that can store, process, and communicate information. SOURCE: CNSSI-4009

Social Engineering – An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. SOURCE: SP 800-61

Spam - Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. SOURCE: CNSSI-4009

Spoofing – “IP spoofing” refers to sending a network packet that appears to come from a source other than its actual source. SOURCE: SP 800-48

Spyware – Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code. SOURCE: SP 800-53; CNSSI-4009

Steganography – The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format. SOURCE: SP 800-72; SP 800-101

Supply Chain Attack – Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle. SOURCE: CNSSI-4009

System Development Life Cycle (SDLC) – The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation. SOURCE: SP 800-34; CNSSI-4009

System Development Methodologies – Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools. SOURCE: CNSSI-4009

System Integrity – The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. SOURCE: SP 800-27

T

Tailoring – The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. SOURCE: SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009

Tampering – An intentional event resulting in modification of a system, its intended behavior, or data. SOURCE: CNSSI-4009

Telecommunications – Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means. SOURCE: CNSSI-4009

Threat – Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. SOURCE: SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800- 37; CNSSI-4009

Threat Analysis – The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. SOURCE: SP 800-27

Threat Assessment – Formal description and evaluation of threat to an information system. SOURCE: SP 800-53; SP 800-18

Threat Monitoring – Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security. SOURCE: CNSSI-4009

Token – Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity. SOURCE: SP 800-63

Tracking Cookie – A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior. SOURCE: SP 800-83

Traffic Analysis – A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences, e.g., from the source and destination numbers, or frequency and length of the messages. SOURCE: SP 800-24

Trojan Horse – A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. SOURCE: CNSSI-4009

U

Unauthorized Access – Unauthorized Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use. SOURCE: FIPS 191

Unauthorized Disclosure – An event involving the exposure of information to entities not authorized access to the information. SOURCE: SP 800-57 Part 1; CNSSI-4009

User – Individual or (system) process authorized to access an information system. SOURCE: FIPS 200

User Initialization – A function in the life cycle of keying material; the process whereby a user initializes its cryptographic application (e.g., installing and initializing software and hardware). SOURCE: SP 800-57 Part 1

V

Validation – The process of demonstrating that the system under consideration meets in all respects the specification of that system. SOURCE: FIPS 201

Verification – Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome). SOURCE: CNSSI-4009

Virtual Machine (VM) – Software that allows a single host to run one or more guest operating systems. SOURCE: SP 800-115

Virtual Private Network (VPN) – A virtual network, built on top of existing physical networks, that provides a secure communications tunnel for data and other information transmitted between networks. SOURCE: SP 800-46

Virus – A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. SOURCE: CNSSI-4009

Vulnerability – Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. SOURCE: SP 800-53; SP 800-53A; SP 800-37; SP 800-60; SP 800-115; FIPS 200

Vulnerability Assessment –Formal description and evaluation of the vulnerabilities in an information system. SOURCE: SP 800-53; SP 800-37

W

Web Content Filtering Software – A program that prevents access to undesirable Web sites, typically by comparing a requested Web site address to a list of known bad Web sites. SOURCE: SP 800-69

Web Risk Assessment – Processes for ensuring Web sites are in compliance with applicable policies. SOURCE: CNSSI-4009

Whitelist – A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. SOURCE: SP 800-128

Wi-Fi Protected Access-2 (WPA2) – The approved Wi-Fi Alliance interoperable implementation of the IEEE 802.11i security standard. For federal government use, the implementation must use FIPS-approved encryption, such as AES. SOURCE: CNSSI-4009

Wireless Local Area Network (WLAN) – A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, APs, and wireless switches—is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring. SOURCE: SP 800-153

Write – Fundamental operation in an information system that results only in the flow of information from a subject to an object. See Access Type. SOURCE: CNSSI-4009

Write Access – Permission to write to an object in an information system. SOURCE: CNSSI-4009

Z

Zeroize – To remove or eliminate the key from a cryptographic equipment or fill device. SOURCE: CNSSI-4009

Zombie – A program that is installed on a system to cause it to attack other systems. SOURCE: SP 800-83