NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures. SOURCE: SP 800-41 Firewall Control Proxy – The component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination. SOURCE: SP 800-58 Firmware – The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution. SOURCE: FIPS 140-2 Computer programs and data stored in hardware - typically in readonly memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs. SOURCE: CNSSI-4009 FISMA – See Federal Information Security Management Act. Fixed COMSEC Facility – COMSEC facility located in an immobile structure or aboard a ship. SOURCE: CNSSI-4009 Flaw – Error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed. SOURCE: CNSSI-4009 Flaw Hypothesis Methodology – System analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. SOURCE: CNSSI-4009 Flooding – An attack that attempts to cause a failure in a system by providing more input than the system can process properly. SOURCE: CNSSI-4009 Pg 78
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Focused Testing – A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing. SOURCE: SP 800-53A Forensic Copy – An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm. SOURCE: SP 800-72; CNSSI-4009 Forensic Specialist – A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. SOURCE: SP 800-72 Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. SOURCE: CNSSI-4009 See Also Computer Forensics Forensically Clean – Digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use. SOURCE: SP 800-86 Formal Access Approval – A formalization of the security determination for authorizing access to a specific type of classified or sensitive information, based on specified access requirements, a determination of the individual’s security eligibility and a determination that the individual’s official duties require the individual be provided access to the information. Formal Development Methodology – SOURCE: CNSSI-4009 Software development strategy that proves security design specifications. SOURCE: CNSSI-4009 Formal Method – Mathematical argument which verifies that the system satisfies a mathematically-described security policy. SOURCE: CNSSI-4009 Formal Proof – Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems. SOURCE: CNSSI-4009 Pg 79
Page 2 and 3:
NIST IR 7298 Revision 1 Glossary of
Page 4 and 5:
NIST IR 7298 Revision 1, Glossary o
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29: NIST IR 7298 Revision 1, Glossary o
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?