NISTIR 7298 Revision 1, Glossary of Key Information Security Terms
Advisory – Notification of significant new trends or developments regarding the
threat to the information systems of an organization. This
notification may include analytical insights into trends, intentions,
technologies, or tactics of an adversary targeting information
systems.
SOURCE: CNSSI-4009
Agency – Any executive department, military department, government
corporation, government-controlled corporation, or other
establishment in the executive branch of the government (including
the Executive Office of the President), or any independent regulatory
agency, but does not include: 1) the Government Accountability
Office; 2) the Federal Election Commission; 3) the governments of
the District of Columbia and of the territories and possessions of the
United States, and their various subdivisions; or 4) government-owned
contractor-operated facilities, including laboratories engaged
in national defense research and production activities.
SOURCE: FIPS 200; 44 U.S.C., Sec. 3502
ALSO See Executive Agency.
Agency Certification Authority (CA) – A CA that acts on behalf of an agency and is under the operational
control of an agency.
SOURCE: SP 800-32
Agent – A program used in distributed denial of service (DDoS) attacks that
sends malicious traffic to hosts based on the instructions of a handler.
Also known as a bot.
SOURCE: SP 800-61
A program acting on behalf of a person or organization.
SOURCE: SP 800-95
Alert – Notification that a specific attack has been directed at an
organization’s information systems.
SOURCE: CNSSI-4009
Allocation – The process an organization employs to determine whether security
controls are defined as system-specific, hybrid, or common.
The process an organization employs to assign security controls to
specific information system components responsible for providing a
particular security capability (e.g., router, server, remote sensor).
SOURCE: SP 800-37