NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Subject Security Level – Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.
SOURCE: CNSSI-4009

Subordinate Certification Authority – In a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.
SOURCE: SP 800-32; CNSSI-4009

Subscriber – A party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol.
SOURCE: SP 800-63; CNSSI-4009

Subsystem – A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.
SOURCE: SP 800-53; SP 800-53A; SP 800-37

Suite A – A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information.
SOURCE: CNSSI-4009

Suite B – A specific set of cryptographic algorithms suitable for protecting national security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners.
SOURCE: CNSSI-4009, as modified

Superencryption – Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted.
SOURCE: CNSSI-4009

Superior Certification Authority – In a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA.
SOURCE: SP 800-32; CNSSI-4009

Pg 184
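The dominance rule in the Subject Security Level entry is a lattice comparison: a label dominates another when its hierarchical classification is at least as high and its category set contains the other's. The following is an added example (not from the glossary or from NIST) that implements that check, the clearance-dominates-subject rule, and the read/write consequences that make the subject's level exactly the labels it can both read and write. The classification ladder and the category names (CRYPTO, NUCLEAR, SIGINT) are assumptions chosen for illustration.

```python
# Added example (not from the glossary): security-level dominance as used by the
# "Subject Security Level" entry. The classification ladder and the category
# names used in the demo are assumptions chosen for illustration.
from dataclasses import dataclass, field
from typing import FrozenSet

# Assumed hierarchical classification ladder, lowest to highest.
CLASSIFICATIONS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")


@dataclass(frozen=True)
class SecurityLevel:
    """A sensitivity label: a hierarchical classification plus a set of
    non-hierarchical categories (compartments)."""
    classification: str
    categories: FrozenSet[str] = field(default_factory=frozenset)

    def __post_init__(self) -> None:
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification: {self.classification!r}")

    @property
    def rank(self) -> int:
        return CLASSIFICATIONS.index(self.classification)

    def dominates(self, other: "SecurityLevel") -> bool:
        """self dominates other iff self's classification is at least as high
        AND self's categories include all of other's. Labels with disjoint
        category sets are incomparable: neither dominates the other."""
        return self.rank >= other.rank and self.categories >= other.categories


def level(classification: str, *categories: str) -> SecurityLevel:
    """Convenience constructor: level("SECRET", "CRYPTO")."""
    return SecurityLevel(classification, frozenset(categories))


def subject_level_permitted(user_clearance: SecurityLevel, subject_level: SecurityLevel) -> bool:
    """The glossary rule: a subject's security level must be dominated by the
    clearance of the user it acts on behalf of."""
    return user_clearance.dominates(subject_level)


def access_permitted(subject_level: SecurityLevel, object_label: SecurityLevel, mode: str) -> bool:
    """Mandatory access check for a subject at subject_level against an object
    carrying object_label. "r": no read up (subject must dominate object).
    "w": no write down (object must dominate subject). "rw": both, which holds
    only when the labels are equal; those objects are the ones whose labels
    make up the subject's security level."""
    can_read = subject_level.dominates(object_label)
    can_write = object_label.dominates(subject_level)
    if mode == "r":
        return can_read
    if mode == "w":
        return can_write
    if mode == "rw":
        return can_read and can_write
    raise ValueError(f"unknown access mode: {mode!r}")


if __name__ == "__main__":
    clearance = level("SECRET", "CRYPTO", "NUCLEAR")
    subj = level("SECRET", "CRYPTO")
    print(subject_level_permitted(clearance, subj))                       # True
    print(subject_level_permitted(clearance, level("TOP SECRET")))        # False: classification too high
    print(subject_level_permitted(clearance, level("SECRET", "SIGINT")))  # False: category not cleared
    print(access_permitted(subj, level("CONFIDENTIAL"), "r"))             # True: read down
    print(access_permitted(subj, level("SECRET", "NUCLEAR"), "r"))        # False: incomparable labels
    print(access_permitted(subj, level("TOP SECRET", "CRYPTO"), "w"))     # True: write up
    print(access_permitted(subj, level("SECRET", "CRYPTO"), "rw"))        # True: equal labels
```

Note that the "rw" case is where a system must be strict: once any object the subject can both read and write sits below the user's clearance, the subject's level is lower than the user's clearance, and the check must be redone against that subject level, not the user's clearance.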
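The Superencryption entry describes two layers of encryption with different owners and keys: the originator encrypts end to end, then the trunk multiplexes several such ciphertexts and bulk-encrypts the whole payload under a link key. The following added example (not from the glossary or from NIST) walks that path and shows what each party can recover. The keystream cipher it uses (HMAC-SHA256 run in counter mode) is an illustrative construction chosen so the example runs on the Python standard library alone; it is not a standard or recommended cipher, and the keys and messages are constructed sample data.

```python
# Added example (not from the glossary): superencryption, i.e. encrypting
# already-encrypted traffic a second time on a bulk-encrypted trunk. The
# keystream cipher (HMAC-SHA256 in counter mode) is an illustrative construction
# so the example needs only the standard library; it is not a standard or
# recommended cipher. Keys and messages in the demo are constructed sample data.
import hashlib
import hmac
import os
from typing import List, Tuple

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a keystream derived from (key, nonce, block counter)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext; a fresh nonce per message keeps keystreams distinct."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def multiplex(frames: List[bytes]) -> bytes:
    """Length-prefix each frame so several messages share one trunk payload."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in frames)


def demultiplex(payload: bytes) -> List[bytes]:
    frames, pos = [], 0
    while pos < len(payload):
        n = int.from_bytes(payload[pos:pos + 4], "big")
        frames.append(payload[pos + 4:pos + 4 + n])
        pos += 4 + n
    return frames


def trunk_send(link_key: bytes, inner_ciphertexts: List[bytes]) -> bytes:
    """Bulk-encrypt the multiplexed trunk payload: the outer layer."""
    return encrypt(link_key, multiplex(inner_ciphertexts))


def trunk_receive(link_key: bytes, trunk_blob: bytes) -> List[bytes]:
    """The trunk endpoint strips only the outer layer. It gets back the
    originators' ciphertexts, never their plaintexts."""
    return demultiplex(decrypt(link_key, trunk_blob))


def superencrypt_roundtrip(e2e_keys: List[bytes], link_key: bytes,
                           plaintexts: List[bytes]) -> Tuple[List[bytes], List[bytes]]:
    """Run the full path and return (frames as seen by the trunk endpoint,
    plaintexts recovered by the final recipients). Layers come off in reverse
    order: link key first, then each recipient's end-to-end key."""
    inner = [encrypt(k, p) for k, p in zip(e2e_keys, plaintexts)]   # off-line / end-to-end layer
    trunk_blob = trunk_send(link_key, inner)                            # bulk (trunk) layer
    seen_on_trunk = trunk_receive(link_key, trunk_blob)
    recovered = [decrypt(k, c) for k, c in zip(e2e_keys, seen_on_trunk)]
    return seen_on_trunk, recovered


if __name__ == "__main__":
    e2e_keys = [os.urandom(32), os.urandom(32)]   # one key per originator/recipient pair
    link_key = os.urandom(32)                     # held only by the two trunk endpoints
    msgs = [b"unit A: move at 0400", b"unit B: hold position"]
    on_trunk, out = superencrypt_roundtrip(e2e_keys, link_key, msgs)
    print(out == msgs)                                     # True: both layers removed
    print(any(m in c for m, c in zip(msgs, on_trunk)))     # False: trunk sees ciphertext only
```

The point to take from the glossary entry is the key separation: compromise of the link key exposes only the inner ciphertexts, and compromise of one end-to-end key exposes only that pair's traffic once the outer layer is gone.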
Supersession – Scheduled or unscheduled replacement of COMSEC material with a different edition.
SOURCE: CNSSI-4009

Supervisory Control and Data Acquisition (SCADA) – A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.
SOURCE: SP 800-82
Networks or systems generally used for industrial controls or to manage infrastructure such as pipelines and power systems.
SOURCE: CNSSI-4009

Supplementation (Assessment Procedures) – The process of adding assessment procedures or assessment details to assessment procedures in order to adequately meet the organization’s risk management needs.
SOURCE: SP 800-53A

Supplementation (Security Controls) – The process of adding security controls or control enhancements to a security control baseline from NIST Special Publication 800-53 or CNSS Instruction 1253 in order to adequately meet the organization’s risk management needs.
SOURCE: SP 800-53A

Supply Chain – A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.
SOURCE: SP 800-53; CNSSI-4009

Supply Chain Attack – Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.
SOURCE: CNSSI-4009

Suppression Measure – Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system.
SOURCE: CNSSI-4009

Surrogate Access – See Discretionary Access Control.

Pg 185