NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Examine – A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time. SOURCE: SP 800-53A Exculpatory Evidence – Evidence that tends to decrease the likelihood of fault or guilt. SOURCE: SP 800-72 Executive Agency – An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91. SOURCE: SP 800-53; SP 800-37; FIPS 200; FIPS 199; 41 U.S.C., Sec. 403; CNSSI-4009 Exercise Key – Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises. SOURCE: CNSSI-4009 Exploit Code – A program that allows attackers to automatically break into a system. SOURCE: SP 800-40 Exploitable Channel – Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See covert channel. SOURCE: CNSSI-4009 External Information System (or Component) – External Information System Service – An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. SOURCE: SP 800-37; SP 800-53; CNSSI-4009 An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. SOURCE: SP 800-53; SP 800-37; CNSSI-4009 Pg 72
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms External Information System Service Provider – A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. SOURCE: SP 800-37; SP 800-53 External Network – A network not controlled by the organization. SOURCE: SP 800-53; CNSSI-4009 External Security Testing – Security testing conducted from outside the organization’s security perimeter. SOURCE: SP 800-115 Extraction Resistance – Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key. SOURCE: CNSSI-4009 Extranet – A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises. SOURCE: CNSSI-4009 Fail Safe – Automatic protection of programs and/or processing systems when hardware or software failure is detected. SOURCE: CNSSI-4009 Fail Soft – Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent. SOURCE: CNSSI-4009 Failover – The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system. SOURCE: SP 800-53; CNSSI-4009 Failure Access – Type of incident in which unauthorized access to data results from hardware or software failure. SOURCE: CNSSI-4009 Failure Control – Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery. SOURCE: CNSSI-4009 Pg 73
Page 2 and 3:
NIST IR 7298 Revision 1 Glossary of
Page 4 and 5:
NIST IR 7298 Revision 1, Glossary o
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23: NIST IR 7298 Revision 1, Glossary o
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?