NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


csrc.nist.gov
23.03.2013 Views

Subject Security Level – Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.
SOURCE: CNSSI-4009

Subordinate Certification Authority – In a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.
SOURCE: SP 800-32; CNSSI-4009

Subscriber – A party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol.
SOURCE: SP 800-63; CNSSI-4009

Subsystem – A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.
SOURCE: SP 800-53; SP 800-53A; SP 800-37

Suite A – A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information.
SOURCE: CNSSI-4009

Suite B – A specific set of cryptographic algorithms suitable for protecting national security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners.
SOURCE: CNSSI-4009, as modified

Superencryption – Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted.
SOURCE: CNSSI-4009

Superior Certification Authority – In a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA.
SOURCE: SP 800-32; CNSSI-4009

Supersession – Scheduled or unscheduled replacement of COMSEC material with a different edition.
SOURCE: CNSSI-4009

Supervisory Control and Data Acquisition (SCADA) – A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.
SOURCE: SP 800-82

Networks or systems generally used for industrial controls or to manage infrastructure such as pipelines and power systems.
SOURCE: CNSSI-4009

Supplementation (Assessment Procedures) – The process of adding assessment procedures or assessment details to assessment procedures in order to adequately meet the organization’s risk management needs.
SOURCE: SP 800-53A

Supplementation (Security Controls) – The process of adding security controls or control enhancements to a security control baseline from NIST Special Publication 800-53 or CNSS Instruction 1253 in order to adequately meet the organization’s risk management needs.
SOURCE: SP 800-53A

Supply Chain – A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.
SOURCE: SP 800-53; CNSSI-4009

Supply Chain Attack – Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.
SOURCE: CNSSI-4009

Suppression Measure – Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system.
SOURCE: CNSSI-4009

Surrogate Access – See Discretionary Access Control.

