NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


csrc.nist.gov
23.03.2013

Moderate-Impact System – An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.
SOURCE: SP 800-53; SP 800-60; SP 800-37; FIPS 200

An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high.
SOURCE: CNSSI-4009

Multi-Hop Problem – The security risks resulting from a mobile software agent visiting several platforms.
SOURCE: SP 800-19

Multi-Releasable – A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain.
SOURCE: CNSSI-4009

Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.
SOURCE: SP 800-53

Multilevel Device – Equipment trusted to properly maintain and separate data of different security domains.
SOURCE: CNSSI-4009

Multilevel Mode – Mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts:
1) some users do not have a valid security clearance for all the information processed in the information system;
2) all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and
3) all users have a valid need-to-know only for information to which they have access.
SOURCE: CNSSI-4009

Multilevel Security (MLS) – Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
SOURCE: CNSSI-4009

Pg 122

Multiple Component Incident – A single incident that encompasses two or more incidents.
SOURCE: SP 800-61

Multiple Security Levels (MSL) – Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.
SOURCE: CNSSI-4009

Mutual Authentication – Occurs when parties at both ends of a communication activity authenticate each other.
SOURCE: SP 800-32

The process of both entities involved in a transaction verifying each other.
SOURCE: CNSSI-4009

Mutual Suspicion – Condition in which two information systems need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data.
SOURCE: CNSSI-4009

Naming Authority – An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.
SOURCE: SP 800-32

National Information Assurance Partnership (NIAP) – A U.S. government initiative established to promote the use of evaluated information systems products and champion the development and use of national and international standards for information technology security. NIAP was originally established as a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under P.L. 100-235 (Computer Security Act of 1987). NIST officially withdrew from the partnership in 2007 but NSA continues to manage and operate the program. The key operational component of NIAP is the Common Criteria Evaluation and Validation Scheme (CCEVS) which is the only U.S. government-sponsored and endorsed program for conducting internationally recognized security evaluations of commercial off-the-shelf (COTS) Information Assurance (IA) and IA-enabled information technology products. NIAP employs the CCEVS to provide government oversight or “validation” to U.S. CC evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408).
SOURCE: CNSSI-4009

Pg 123
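The Moderate-Impact System entry above applies the FIPS 199 high-water-mark rule. The helper below is an added example (not NIST's code) that carries that rule through for a whole system: it takes the per-objective impact assigned to each information type, derives the system security category, and decides whether the result is a low-, moderate-, or high-impact system; the information types and their impact values are constructed sample data, and the "not applicable" handling follows FIPS 199's allowance for confidentiality of public information at the information-type level with a minimum of low at the system level.

```python
"""FIPS 199 system categorization from per-information-type impact values (added example)."""
from enum import IntEnum

class Impact(IntEnum):
    NA = 0        # "not applicable": FIPS 199 permits this only for confidentiality of an information type
    LOW = 1
    MODERATE = 2
    HIGH = 3

OBJECTIVES = ("confidentiality", "integrity", "availability")

# Constructed sample: information types handled by a hypothetical HR portal,
# each with a provisional (C, I, A) impact assigned in the SP 800-60 style.
SAMPLE_INFO_TYPES = {
    "employee_pii":     (Impact.MODERATE, Impact.MODERATE, Impact.LOW),
    "payroll_records":  (Impact.MODERATE, Impact.MODERATE, Impact.MODERATE),
    "public_job_posts": (Impact.NA,       Impact.LOW,      Impact.LOW),
}

def security_category(info_types):
    """High-water mark per objective: the system's impact for each objective is
    the highest value assigned to any information type it processes. A system
    never sits below LOW, so an NA confidentiality value is raised to LOW."""
    if not info_types:
        raise ValueError("at least one information type is required")
    for name, levels in info_types.items():
        if levels[1] == Impact.NA or levels[2] == Impact.NA:
            raise ValueError(f"{name}: NA is only allowed for confidentiality")
    return {
        obj: max(Impact.LOW, max(levels[i] for levels in info_types.values()))
        for i, obj in enumerate(OBJECTIVES)
    }

def system_impact_level(info_types):
    """Overall impact level: the highest of the three objective values."""
    return max(security_category(info_types).values())

def is_moderate_impact_system(info_types):
    """The glossary definition verbatim: at least one objective is MODERATE
    and no objective is HIGH."""
    values = security_category(info_types).values()
    return Impact.MODERATE in values and Impact.HIGH not in values

def format_category(info_types):
    """Render in the FIPS 199 notation SC = {(objective, IMPACT), ...}."""
    sc = security_category(info_types)
    return "SC = {" + ", ".join(f"({o}, {sc[o].name})" for o in OBJECTIVES) + "}"
```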

