NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Federal Information Security Management Act (FISMA) – A statute (Title III, P.L. 107-347) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to OMB. SOURCE: CNSSI-4009 Federal Information System – An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency. SOURCE: SP 800-53; FIPS 200; FIPS 199; 40 U.S.C., Sec. 11331; CNSSI-4009 Federal Information Systems Security Educators’ Association – (FISSEA) Federal Public Key Infrastructure Policy Authority (FPKI PA) – An organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce. SOURCE: SP 800-16 The Federal PKI Policy Authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA. SOURCE: SP 800-32 File Encryption – The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. SOURCE: SP 800-111 File Infector Virus – A virus that attaches itself to a program file, such as a word processor, spreadsheet application, or game. SOURCE: SP 800-61 File Integrity Checker – Software that generates, stores, and compares message digests for files to detect changes to the files. SOURCE: SP 800-61 File Name Anomaly – 1. A mismatch between the internal file header and its external extension; or 2. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension. SOURCE: SP 800-72 Pg 76
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms File Protection – Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. SOURCE: CNSSI-4009 File Security – Means by which access to computer files is limited to authorized users only. SOURCE: CNSSI-4009 Fill Device – COMSEC item used to transfer or store key in electronic form or to insert key into a cryptographic equipment. SOURCE: CNSSI-4009 FIPS – See Federal Information Processing Standard. FIPS-Approved Security Method – A security method (e.g., cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, random number generator, authentication technique, or evaluation criteria) that is either a) specified in a FIPS, or b) adopted in a FIPS. SOURCE: FIPS 196 FIPS-Validated Cryptography – A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in FIPS 140-2 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP). See NSA-Approved Cryptography. SOURCE: SP 800-53 FIPS PUB – An acronym for Federal Information Processing Standards Publication. FIPS publications (PUB) are issued by NIST after approval by the Secretary of Commerce. SOURCE: SP 800-64 FIREFLY – Key management protocol based on public key cryptography. SOURCE: CNSSI-4009 Firewall – A gateway that limits access between networks in accordance with local security policy. SOURCE: SP 800-32 A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy. SOURCE: CNSSI-4009 Pg 77
Page 2 and 3:
NIST IR 7298 Revision 1 Glossary of
Page 4 and 5:
NIST IR 7298 Revision 1, Glossary o
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27: NIST IR 7298 Revision 1, Glossary o
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

Create successful ePaper yourself

Delete template?

Save as template?