NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


Source: csrc.nist.gov, 23.03.2013

Communications Security (COMSEC) – A component of Information Assurance that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes crypto security, transmission security, emissions security, and physical security of COMSEC material.
SOURCE: CNSSI-4009

Community of Interest (COI) – A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains.
SOURCE: CNSSI-4009

Community Risk – Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population.
SOURCE: CNSSI-4009

Comparison – The process of comparing a biometric with a previously stored reference.
SOURCE: FIPS 201

Compartmentalization – A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone.
SOURCE: CNSSI-4009

Compartmented Mode – Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (1) valid security clearance for the most restricted information processed in the system; (2) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (3) valid need-to-know for information which a user is to have access.
SOURCE: CNSSI-4009

Pg 38

Compensating Security Control – A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
NIST SP 800-53: A management, operational, and technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of the recommended control in the baselines described in NIST Special Publication 800-53 or in CNSS Instruction 1253, that provide equivalent or comparable protection for an information system.
SOURCE: CNSSI-4009

Compensating Security Controls – The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.
SOURCE: SP 800-37

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253, that provide equivalent or comparable protection for an information system.
SOURCE: SP 800-53A; SP 800-53

Comprehensive Testing – A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.
SOURCE: SP 800-53A

Compromise – Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
SOURCE: SP 800-32

Compromise – The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs).
SOURCE: FIPS 140-2

Pg 39

