NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Security Banner – A banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource.
SOURCE: CNSSI-4009

Security Categorization – The process of determining the security category for information or an information system. See Security Category.
SOURCE: SP 800-53

The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.
SOURCE: SP 800-37; SP 800-53A

Security Category – The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.
SOURCE: FIPS 200; FIPS 199; SP 800-18

The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.
SOURCE: SP 800-53; CNSSI-4009; SP 800-60

Security Concept of Operations (Security CONOP) – A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
SOURCE: CNSSI-4009

Security Content Automation Protocol (SCAP) – A method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements.
SOURCE: CNSSI-4009