NISTIR 7298 Revision 1, Glossary of Key Information Security Terms


csrc.nist.gov

Contingency Plan – Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the Continuity of Operations Plan (COOP) or Disaster Recovery Plan for major disruptions. See also Information System Contingency Plan.
SOURCE: CNSSI-4009

Continuity of Government (COG) – A coordinated effort within the federal government's executive branch to ensure that national essential functions continue to be performed during a catastrophic emergency.
SOURCE: CNSSI-4009

Continuity of Operations Plan (COOP) – A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
SOURCE: SP 800-34

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The COOP is the third plan needed by the enterprise risk managers and is used when the enterprise must recover (often at an alternate site) for a specified period of time. Defines the activities of individual departments and agencies and their sub-components to ensure that their essential functions are performed. This includes plans and procedures that delineate essential functions; specify succession to office and the emergency delegation of authority; provide for the safekeeping of vital records and databases; identify alternate operating facilities; provide for interoperable communications; and validate the capability through tests, training, and exercises. See also Disaster Recovery Plan and Contingency Plan.
SOURCE: CNSSI-4009

Continuous Monitoring – The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes: 1) the development of a strategy to regularly evaluate selected IA controls/metrics, 2) recording and evaluating IA-relevant events and the effectiveness of the enterprise in dealing with those events, 3) recording changes to IA controls, or changes that affect IA risks, and 4) publishing the current security status to enable information-sharing decisions involving the enterprise.
SOURCE: CNSSI-4009

Pg 46

Control Information – Information that is entered into a cryptographic module for the purposes of directing the operation of the module.
SOURCE: FIPS 140-2

Controlled Access Area – Physical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance.
SOURCE: CNSSI-4009

Controlled Access Protection – Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.
SOURCE: CNSSI-4009

Controlled Area – Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.
SOURCE: SP 800-53

Controlled Cryptographic Item (CCI) – Secure telecommunications or information system, or associated cryptographic component, that is unclassified and handled through the COMSEC Material Control System (CMCS), an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked “Controlled Cryptographic Item,” or, where space is limited, “CCI”.
SOURCE: CNSSI-4009

Controlled Cryptographic Item (CCI) Assembly – Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate.
SOURCE: CNSSI-4009

Controlled Cryptographic Item (CCI) Component – Part of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function.
SOURCE: CNSSI-4009

Controlled Cryptographic Item (CCI) Equipment – Telecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.
SOURCE: CNSSI-4009

Pg 47

