NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

23.03.2013 Views
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Wireless Application Protocol – (WAP) A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices. SOURCE: CNSSI-4009 Wireless Technology – Technology that permits the transfer of information between separated points without physical connection. Note: Currently wireless technologies use infrared, acoustic, radio frequency, and optical. SOURCE: CNSSI-4009 Work Factor – Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure. SOURCE: CNSSI-4009 Workcraft Identity – Synonymous with Tradecraft Identity. SOURCE: CNSSI-4009 Worm – A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. See malicious code. SOURCE: SP 800-61; CNSSI-4009 Write – Fundamental operation in an information system that results only in the flow of information from a subject to an object. See access type. SOURCE: CNSSI-4009 Write Access – Permission to write to an object in an information system. SOURCE: CNSSI-4009 Write-Blocker – A device that allows investigators to examine media while preventing data writes from occurring on the subject media. SOURCE: SP 800-72 X.509 Certificate – The International Organization for Standardization/International Telecommunication Union – Standardization Department (ISO/ITU- T) X.509 standard defined two types of certificates – the X.509 public key certificate and the X.509 attribute certificate. Most commonly, an X.509 certificate refers to the X.509 public key certificate. SOURCE: SP 800-57 Pg 208

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms X.509 Public Key Certificate – The public key for a user (or device) and a name for the user (or device), together with some other information, rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard. SOURCE: SP 800-57; CNSSI-4009 adapted Zero Fill – To fill unused storage locations in an information system with the representation of the character denoting "0." SOURCE: CNSSI-4009 Zeroization – A method of erasing electronically stored data, cryptographic keys, and CSPs by altering or deleting the contents of the data storage to prevent recovery of the data. SOURCE: FIPS 140-2 A method of erasing electronically stored data, cryptographic keys, and Credentials Service Providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data. SOURCE: CNSSI-4009 Zeroize – To remove or eliminate the key from a cryptographic equipment or fill device. SOURCE: CNSSI-4009 Zombie – A program that is installed on a system to cause it to attack other systems. SOURCE: SP 800-83 Zone Of Control – Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. SOURCE: CNSSI-4009 Pg 209

Page 2 and 3: NIST IR 7298 Revision 1 Glossary of

Page 4 and 5: NIST IR 7298 Revision 1, Glossary o






































































































Page 210 and 211: NIST IR 7298, Glossary of Key Infor

cryptographic

fips

nist

glossary

revision

authentication

comsec

software

controls

entity

nistir

csrc.nist.gov

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms ... View more NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

Delete template?

Save as template ?

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms NISTIR 7298 Revision 1, Glossary of Key Information Security Terms