NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


csrc.nist.gov

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms

Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.
SOURCE: CNSSI-4009

Approval to Operate (ATO) – The official management decision issued by a DAA or PAA to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
SOURCE: CNSSI-4009

Approved – Federal Information Processing Standard (FIPS)-approved or National Institute of Standards and Technology (NIST)-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.
SOURCE: FIPS 201

Approved – FIPS-approved and/or NIST-recommended.
SOURCE: FIPS 140-2

FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, 2) adopted in a FIPS or NIST Recommendation, or 3) specified in a list of NIST-approved security functions.
SOURCE: FIPS 186

Approved Mode of Operation – A mode of the cryptographic module that employs only Approved security functions (not to be confused with a specific mode of an Approved security function, e.g., Data Encryption Standard Cipher-Block Chaining (DES CBC) mode).
SOURCE: FIPS 140-2

Approved Security Function – A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either a) specified in an Approved Standard; b) adopted in an Approved Standard and specified either in an appendix of the Approved Standard or in a document referenced by the Approved Standard; or c) specified in the list of Approved security functions.
SOURCE: FIPS 140-2

Assessment – See Security Control Assessment.

Pg 10

Assessment Findings – Assessment results produced by the application of an assessment procedure to a security control or control enhancement to achieve an assessment objective; the execution of a determination statement within an assessment procedure by an assessor that results in either a satisfied or other than satisfied condition.
SOURCE: SP 800-53A

Assessment Method – One of three types of actions (i.e., examine, interview, test) taken by assessors in obtaining evidence during an assessment.
SOURCE: SP 800-53A

Assessment Object – The item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.
SOURCE: SP 800-53A

Assessment Objective – A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement.
SOURCE: SP 800-53A

Assessment Procedure – A set of assessment objectives and an associated set of assessment methods and assessment objects.
SOURCE: SP 800-53A

Assessor – See Security Control Assessor.

Asset – A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.
SOURCE: CNSSI-4009

Assurance – Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.
SOURCE: SP 800-27

The grounds for confidence that the set of intended security controls in an information system are effective in their application.
SOURCE: SP 800-37; SP 800-53A

Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.
SOURCE: CNSSI-4009

Pg 11

