NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Moderate-Impact System – An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.
SOURCE: SP 800-53; SP 800-60; SP 800-37; FIPS 200

An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high.
SOURCE: CNSSI-4009

Multi-Hop Problem – The security risks resulting from a mobile software agent visiting several platforms.
SOURCE: SP 800-19

Multi-Releasable – A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain.
SOURCE: CNSSI-4009

Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.
SOURCE: SP 800-53

Multilevel Device – Equipment trusted to properly maintain and separate data of different security domains.
SOURCE: CNSSI-4009

Multilevel Mode – Mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: 1) some users do not have a valid security clearance for all the information processed in the information system; 2) all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and 3) all users have a valid need-to-know only for information to which they have access.
SOURCE: CNSSI-4009

Multilevel Security (MLS) – Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
SOURCE: CNSSI-4009

Multiple Component Incident – A single incident that encompasses two or more incidents.
SOURCE: SP 800-61

Multiple Security Levels (MSL) – Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.
SOURCE: CNSSI-4009

Mutual Authentication – Occurs when parties at both ends of a communication activity authenticate each other.
SOURCE: SP 800-32

The process of both entities involved in a transaction verifying each other.
SOURCE: CNSSI-4009

Mutual Suspicion – Condition in which two information systems need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data.
SOURCE: CNSSI-4009

Naming Authority – An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.
SOURCE: SP 800-32

National Information Assurance Partnership (NIAP) – A U.S. government initiative established to promote the use of evaluated information systems products and champion the development and use of national and international standards for information technology security. NIAP was originally established as a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under P.L. 100-235 (Computer Security Act of 1987). NIST officially withdrew from the partnership in 2007 but NSA continues to manage and operate the program. The key operational component of NIAP is the Common Criteria Evaluation and Validation Scheme (CCEVS) which is the only U.S. government-sponsored and endorsed program for conducting internationally recognized security evaluations of commercial off-the-shelf (COTS) Information Assurance (IA) and IA-enabled information technology products. NIAP employs the CCEVS to provide government oversight or “validation” to U.S. CC evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408).
SOURCE: CNSSI-4009