NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Policy Management Authority – (PMA) Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority.
SOURCE: SP 800-32

Policy Mapping – Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.
SOURCE: SP 800-15

Port – A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).
SOURCE: FIPS 140-2

Port Scanning – Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
SOURCE: SP 800-61; CNSSI-4009

Portal – A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface.
SOURCE: SP 800-46

Portable Electronic Device (PED) – Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers.
SOURCE: CNSSI-4009

Positive Control Material – Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.
SOURCE: CNSSI-4009

Pg 140

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have:
1) a limited adverse effect (FIPS 199 low);
2) a serious adverse effect (FIPS 199 moderate); or
3) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals.
SOURCE: SP 800-53; SP 800-60; SP 800-37; FIPS 199

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect; a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
SOURCE: FIPS 200

The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals.
SOURCE: CNSSI-4009

Practice Statement – A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or verifier); typically the specific steps taken to register and verify identities, issue credentials, and authenticate claimants.
SOURCE: SP 800-63

Precursor – A sign that an attacker may be preparing to cause an incident.
SOURCE: SP 800-61

A sign that an attacker may be preparing to cause an incident. See indicator.
SOURCE: CNSSI-4009

Preproduction Model – Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.
SOURCE: CNSSI-4009

Primary Services Node (PRSN) – A Key Management Infrastructure core node that provides the users’ central point of access to KMI products, services, and information.
SOURCE: CNSSI-4009

Principal – An entity whose identity can be authenticated.
SOURCE: FIPS 196

Pg 141