NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). SOURCE: CNSSI-4009 Disk Imaging – Generating a bit-for-bit copy of the original media, including free space and slack space. SOURCE: SP 800-86 Disruption – An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). SOURCE: CNSSI-4009 An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). SOURCE: SP 800-34 Distinguished Name (DN) – A unique name or character string that unambiguously identifies an entity according to the hierarchical naming conventions of X.500 directory service. SOURCE: CNSSI-4009 Distinguishing Identifier – Information which unambiguously distinguishes an entity in the authentication process. SOURCE: FIPS 196; CNSSI-4009 Distributed Denial of Service – (DDoS) DMZ – See Demilitarized Zone. A Denial of Service technique that uses numerous hosts to perform the attack. SOURCE: SP 800-61; CNSSI-4009 Domain – A set of subjects, their information objects, and a common security policy. SOURCE: SP 800-27 Pg 64
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain. SOURCE: CNSSI-4009; SP 800-53; SP 800-37 Drop Accountability – Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. See accounting legend code. SOURCE: CNSSI-4009 Dual-Use Certificate – A certificate that is intended for use with both digital signature and data encryption services. SOURCE: SP 800-32 Due Care – The responsibility that managers and their organizations have a duty to provide for information security to ensure that the type of control, the cost of control, and the deployment of control are appropriate for the system being managed. SOURCE: SP 800-30 Duplicate Digital Evidence – A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media. SOURCE: SP 800-72 Duration – A field within a certificate that is composed of two subfields; “date of issue” and “date of next issue.” SOURCE: SP 800-32 Dynamic Subsystem – A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems. SOURCE: SP 800-37 E-Government (e-gov) – The use by the U.S. government of Web-based Internet applications and other information technology. SOURCE: CNSSI-4009 Pg 65
Page 2 and 3:
NIST IR 7298 Revision 1 Glossary of
Page 4 and 5:
NIST IR 7298 Revision 1, Glossary o
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15: NIST IR 7298 Revision 1, Glossary o
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

Create successful ePaper yourself

Delete template?

Save as template?