NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Security Requirements – Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.
SOURCE: FIPS 200; SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009

Security Requirements Baseline – Description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.
SOURCE: CNSSI-4009

Security Requirements Traceability Matrix (SRTM) – Matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system's security features and compliance methods for each security requirement.
SOURCE: CNSSI-4009

Security Safeguards – Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.
SOURCE: CNSSI-4009

Security Service – A capability that supports one, or many, of the security goals. Examples of security services are key management, access control, and authentication.
SOURCE: SP 800-27

A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication.
SOURCE: CNSSI-4009

Security Specification – Detailed description of the safeguards required to protect an information system.
SOURCE: CNSSI-4009

Security Strength – A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs for a given encryption algorithm).
SOURCE: SP 800-108
Pg 175