NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


csrc.nist.gov
23.03.2013

Policy Management Authority (PMA) – Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority.
SOURCE: SP 800-32

Policy Mapping – Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.
SOURCE: SP 800-15

Port – A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).
SOURCE: FIPS 140-2

Port Scanning – Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
SOURCE: SP 800-61; CNSSI-4009

Portal – A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface.
SOURCE: SP 800-46

Portable Electronic Device (PED) – Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers.
SOURCE: CNSSI-4009

Positive Control Material – Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.
SOURCE: CNSSI-4009

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have: 1) a limited adverse effect (FIPS 199 low); 2) a serious adverse effect (FIPS 199 moderate); or 3) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals.
SOURCE: SP 800-53; SP 800-60; SP 800-37; FIPS 199

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect; a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
SOURCE: FIPS 200

The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals.
SOURCE: CNSSI-4009

Practice Statement – A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or verifier); typically the specific steps taken to register and verify identities, issue credentials, and authenticate claimants.
SOURCE: SP 800-63

Precursor – A sign that an attacker may be preparing to cause an incident.
SOURCE: SP 800-61

A sign that an attacker may be preparing to cause an incident. See indicator.
SOURCE: CNSSI-4009

Preproduction Model – Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.
SOURCE: CNSSI-4009

Primary Services Node (PRSN) – A Key Management Infrastructure core node that provides the users’ central point of access to KMI products, services, and information.
SOURCE: CNSSI-4009

Principal – An entity whose identity can be authenticated.
SOURCE: FIPS 196
