NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
NISTIR 7298 Revision 1, Glossary of Key Information Security Terms NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Examine – A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time. SOURCE: SP 800-53A Exculpatory Evidence – Evidence that tends to decrease the likelihood of fault or guilt. SOURCE: SP 800-72 Executive Agency – An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91. SOURCE: SP 800-53; SP 800-37; FIPS 200; FIPS 199; 41 U.S.C., Sec. 403; CNSSI-4009 Exercise Key – Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises. SOURCE: CNSSI-4009 Exploit Code – A program that allows attackers to automatically break into a system. SOURCE: SP 800-40 Exploitable Channel – Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See covert channel. SOURCE: CNSSI-4009 External Information System (or Component) – External Information System Service – An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. SOURCE: SP 800-37; SP 800-53; CNSSI-4009 An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness. SOURCE: SP 800-53; SP 800-37; CNSSI-4009 Pg 72
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms External Information System Service Provider – A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. SOURCE: SP 800-37; SP 800-53 External Network – A network not controlled by the organization. SOURCE: SP 800-53; CNSSI-4009 External Security Testing – Security testing conducted from outside the organization’s security perimeter. SOURCE: SP 800-115 Extraction Resistance – Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key. SOURCE: CNSSI-4009 Extranet – A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises. SOURCE: CNSSI-4009 Fail Safe – Automatic protection of programs and/or processing systems when hardware or software failure is detected. SOURCE: CNSSI-4009 Fail Soft – Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent. SOURCE: CNSSI-4009 Failover – The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system. SOURCE: SP 800-53; CNSSI-4009 Failure Access – Type of incident in which unauthorized access to data results from hardware or software failure. SOURCE: CNSSI-4009 Failure Control – Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery. SOURCE: CNSSI-4009 Pg 73
- Page 22 and 23: NIST IR 7298 Revision 1, Glossary o
- Page 24 and 25: NIST IR 7298 Revision 1, Glossary o
- Page 26 and 27: NIST IR 7298 Revision 1, Glossary o
- Page 28 and 29: NIST IR 7298 Revision 1, Glossary o
- Page 30 and 31: NIST IR 7298 Revision 1, Glossary o
- Page 32 and 33: NIST IR 7298 Revision 1, Glossary o
- Page 34 and 35: NIST IR 7298 Revision 1, Glossary o
- Page 36 and 37: NIST IR 7298 Revision 1, Glossary o
- Page 38 and 39: NIST IR 7298 Revision 1, Glossary o
- Page 40 and 41: NIST IR 7298 Revision 1, Glossary o
- Page 42 and 43: NIST IR 7298 Revision 1, Glossary o
- Page 44 and 45: NIST IR 7298 Revision 1, Glossary o
- Page 46 and 47: NIST IR 7298 Revision 1, Glossary o
- Page 48 and 49: NIST IR 7298 Revision 1, Glossary o
- Page 50 and 51: NIST IR 7298 Revision 1, Glossary o
- Page 52 and 53: NIST IR 7298 Revision 1, Glossary o
- Page 54 and 55: NIST IR 7298 Revision 1, Glossary o
- Page 56 and 57: NIST IR 7298 Revision 1, Glossary o
- Page 58 and 59: NIST IR 7298 Revision 1, Glossary o
- Page 60 and 61: NIST IR 7298 Revision 1, Glossary o
- Page 62 and 63: NIST IR 7298 Revision 1, Glossary o
- Page 64 and 65: NIST IR 7298 Revision 1, Glossary o
- Page 66 and 67: NIST IR 7298 Revision 1, Glossary o
- Page 68 and 69: NIST IR 7298 Revision 1, Glossary o
- Page 70 and 71: NIST IR 7298 Revision 1, Glossary o
- Page 74 and 75: NIST IR 7298 Revision 1, Glossary o
- Page 76 and 77: NIST IR 7298 Revision 1, Glossary o
- Page 78 and 79: NIST IR 7298 Revision 1, Glossary o
- Page 80 and 81: NIST IR 7298 Revision 1, Glossary o
- Page 82 and 83: NIST IR 7298 Revision 1, Glossary o
- Page 84 and 85: NIST IR 7298 Revision 1, Glossary o
- Page 86 and 87: NIST IR 7298 Revision 1, Glossary o
- Page 88 and 89: NIST IR 7298 Revision 1, Glossary o
- Page 90 and 91: NIST IR 7298 Revision 1, Glossary o
- Page 92 and 93: NIST IR 7298 Revision 1, Glossary o
- Page 94 and 95: NIST IR 7298 Revision 1, Glossary o
- Page 96 and 97: NIST IR 7298 Revision 1, Glossary o
- Page 98 and 99: NIST IR 7298 Revision 1, Glossary o
- Page 100 and 101: NIST IR 7298 Revision 1, Glossary o
- Page 102 and 103: NIST IR 7298 Revision 1, Glossary o
- Page 104 and 105: NIST IR 7298 Revision 1, Glossary o
- Page 106 and 107: NIST IR 7298 Revision 1, Glossary o
- Page 108 and 109: NIST IR 7298 Revision 1, Glossary o
- Page 110 and 111: NIST IR 7298 Revision 1, Glossary o
- Page 112 and 113: NIST IR 7298 Revision 1, Glossary o
- Page 114 and 115: NIST IR 7298 Revision 1, Glossary o
- Page 116 and 117: NIST IR 7298 Revision 1, Glossary o
- Page 118 and 119: NIST IR 7298 Revision 1, Glossary o
- Page 120 and 121: NIST IR 7298 Revision 1, Glossary o
NIST IR <strong>7298</strong> <strong>Revision</strong> 1, <strong>Glossary</strong> <strong>of</strong> <strong>Key</strong> <strong>Information</strong> <strong>Security</strong> <strong>Terms</strong><br />
External <strong>Information</strong> System Service<br />
Provider –<br />
A provider <strong>of</strong> external information system services to an organization<br />
through a variety <strong>of</strong> consumer-producer relationships, including but<br />
not limited to: joint ventures; business partnerships; outsourcing<br />
arrangements (i.e., through contracts, interagency agreements, lines<br />
<strong>of</strong> business arrangements); licensing agreements; and/or supply chain<br />
exchanges.<br />
SOURCE: SP 800-37; SP 800-53<br />
External Network – A network not controlled by the organization.<br />
SOURCE: SP 800-53; CNSSI-4009<br />
External <strong>Security</strong> Testing – <strong>Security</strong> testing conducted from outside the organization’s security<br />
perimeter.<br />
SOURCE: SP 800-115<br />
Extraction Resistance – Capability <strong>of</strong> crypto-equipment or secure telecommunications<br />
equipment to resist efforts to extract key.<br />
SOURCE: CNSSI-4009<br />
Extranet – A private network that uses Web technology, permitting the sharing<br />
<strong>of</strong> portions <strong>of</strong> an enterprise’s information or operations with<br />
suppliers, vendors, partners, customers, or other enterprises.<br />
SOURCE: CNSSI-4009<br />
Fail Safe – Automatic protection <strong>of</strong> programs and/or processing systems when<br />
hardware or s<strong>of</strong>tware failure is detected.<br />
SOURCE: CNSSI-4009<br />
Fail S<strong>of</strong>t – Selective termination <strong>of</strong> affected nonessential processing when<br />
hardware or s<strong>of</strong>tware failure is determined to be imminent.<br />
SOURCE: CNSSI-4009<br />
Failover – The capability to switch over automatically (typically without human<br />
intervention or warning) to a redundant or standby information<br />
system upon the failure or abnormal termination <strong>of</strong> the previously<br />
active system.<br />
SOURCE: SP 800-53; CNSSI-4009<br />
Failure Access – Type <strong>of</strong> incident in which unauthorized access to data results from<br />
hardware or s<strong>of</strong>tware failure.<br />
SOURCE: CNSSI-4009<br />
Failure Control – Methodology used to detect imminent hardware or s<strong>of</strong>tware failure<br />
and provide fail safe or fail s<strong>of</strong>t recovery.<br />
SOURCE: CNSSI-4009<br />
Pg 73