NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Assurance Case – A structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute. SOURCE: SP 800-53A Assured Information Sharing – The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk. SOURCE: CNSSI-4009 Assured Software – Computer application that has been designed, developed, analyzed, and tested using processes, tools, and techniques that establish a level of confidence in it. SOURCE: CNSSI-4009 Asymmetric Cryptography – See Public Key Cryptography. SOURCE: CNSSI-4009 Asymmetric Keys – Two related keys, a public key and a private key that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification. SOURCE: FIPS 201 Attack – An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. SOURCE: SP 800-32 Attack Sensing and Warning (AS&W) – Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. SOURCE: CNSSI-4009 Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed. SOURCE: CNSSI-4009 Attack Signature – A specific sequence of events indicative of an unauthorized access attempt. SOURCE: SP 800-12 A characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities. SOURCE: CNSSI-4009 Pg 12
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Attribute Authority – An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable agency body as having the authority to verify the association of attributes to an identity. SOURCE: SP 800-32 Attribute-Based Access Control – Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place. SOURCE: SP 800-53; CNSSI-4009 Attribute-Based Authorization – A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service. SOURCE: CNSSI-4009 Audit – Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures. SOURCE: SP 800-32 Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. SOURCE: CNSSI-4009 Audit Data – Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event. SOURCE: SP 800-32 Audit Log – A chronological record of system activities. Includes records of system accesses and operations performed in a given period. SOURCE: CNSSI-4009 Audit Reduction Tools – Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups. SOURCE: SP 800-12; CNSSI-4009 Pg 13
Page 2 and 3: NIST IR 7298 Revision 1 Glossary of
Page 4 and 5: NIST IR 7298 Revision 1, Glossary o
Page 62 and 63:
NIST IR 7298 Revision 1, Glossary o
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?