NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Non-Repudiation – Is the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (non-repudiation with proof of origin), and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery).
SOURCE: FIPS 191
A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).
SOURCE: FIPS 186

Nonce – A value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.
SOURCE: SP 800-63
A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.
SOURCE: CNSSI-4009

NSA-Approved Cryptography – Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information in a particular environment; and (iii) a supporting key management infrastructure.
SOURCE: SP 800-53

Null – Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.
SOURCE: CNSSI-4009

Object – A passive entity that contains or receives information.
SOURCE: SP 800-27
Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object implies access to the information it contains.
SOURCE: CNSSI-4009
Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See Subject.
SOURCE: SP 800-53

Object Identifier – A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported.
SOURCE: SP 800-32

Object Reuse – Reassignment and reuse of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.
SOURCE: CNSSI-4009

Off-Card – Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card.
SOURCE: FIPS 201

Off-line Attack – An attack where the attacker obtains some data (typically by eavesdropping on an authentication protocol run, or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing.
SOURCE: SP 800-63

Off-line Cryptosystem – Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.
SOURCE: CNSSI-4009

Official Information – All information in the custody and control of a U.S. government department or agency that was acquired by U.S. government employees as a part of their official duties or because of their official status and has not been cleared for public release.
SOURCE: CNSSI-4009

On-Card – Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card.
SOURCE: FIPS 201