NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Principal Accrediting Authority (PAA) – Senior official with authority and responsibility for all intelligence systems within an agency.
SOURCE: CNSSI-4009

Principal Certification Authority (CA) – The Principal Certification Authority is a CA designated by an agency to interoperate with the FBCA. An agency may designate multiple Principal CAs to interoperate with the FBCA.
SOURCE: SP 800-32

Print Suppression – Eliminating the display of characters in order to preserve their secrecy.
SOURCE: CNSSI-4009

Privacy – Restricting access to subscriber or Relying Party information in accordance with federal law and agency policy.
SOURCE: SP 800-32

Privacy Impact Assessment (PIA) – An analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
SOURCE: SP 800-53; SP 800-18; SP 800-122; CNSSI-4009; OMB Memorandum 03-22

Privacy System – Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.
SOURCE: CNSSI-4009

Private Key – The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.
SOURCE: SP 800-63

Private Key – A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used to: 1) Compute the corresponding public key, 2) Compute a digital signature that may be verified by the corresponding public key, 3) Decrypt data that was encrypted by the corresponding public key, or 4) Compute a piece of common shared data, together with other information.
SOURCE: SP 800-57

Private Key – A cryptographic key used with a public key cryptographic algorithm, which is uniquely associated with an entity, and not made public; it is used to generate a digital signature; this key is mathematically linked with a corresponding public key.
SOURCE: FIPS 196

Private Key – A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public.
SOURCE: FIPS 140-2

In an asymmetric cryptography scheme, the private or secret key of a key pair which must be kept confidential and is used to decrypt messages encrypted with the public key or to digitally sign messages, which can then be validated with the public key.
SOURCE: CNSSI-4009

Privilege – A right granted to an individual, a program, or a process.
SOURCE: CNSSI-4009

Privilege Management – The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and access to information in directories.
SOURCE: NISTIR 7657

Privileged Account – An information system account with approved authorizations of a privileged user.
SOURCE: CNSSI-4009