NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Compensating Security Control – A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
NIST SP 800-53: A management, operational, and technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of the recommended control in the baselines described in NIST Special Publication 800-53 or in CNSS Instruction 1253, that provide equivalent or comparable protection for an information system.
SOURCE: CNSSI-4009

Compensating Security Controls – The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.
SOURCE: SP 800-37

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253, that provide equivalent or comparable protection for an information system.
SOURCE: SP 800-53A; SP 800-53

Comprehensive Testing – A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.
SOURCE: SP 800-53A

Compromise – Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
SOURCE: SP 800-32

Compromise – The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs).
SOURCE: FIPS 140-2
Pg 39